MGASA-2021-0049

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0049.html

Import Source

https://advisories.mageia.org/MGASA-2021-0049.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0049

Related

CVE-2020-25459

Published

2021-01-22T23:50:14Z

Modified

2021-01-22T23:10:16Z

Summary

Updated crmsh packages fix security vulnerability

Details

The crm configure and hb_report commands failed to sanitize sensitive information by default (bsc#1163581).

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges (CVE-2020-25459).

The crmsh package has been updated to the latest git snapshot and patched for CVE-2020-25459, fixing these issues and several others.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / crmsh

Package

Name: crmsh
Purl: pkg:rpm/mageia/crmsh?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.0-0.39d42c2.1.1.mga7

Ecosystem specific

{
    "section": "core"
}