-------------------------------------------------------------------------
Debian LTS Advisory DLA-2533-1                            [email protected]
https://www.debian.org/lts/security/                           Chris Lamb
January 25, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : crmsh
Version        : 2.3.2-4+deb9u1
CVE ID         : CVE-2020-35459

It was discovered that there was an issue in the command-line tool for
the Pacemaker High Availability stack. Local attackers were able to
execute commands via shell code injection to the "crm history"
command-line tool, potentially allowing escalation of privileges.

For Debian 9 "Stretch", this problem has been fixed in version
2.3.2-4+deb9u1.

We recommend that you upgrade your crmsh packages.

For the detailed security status of crmsh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/crmsh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
