The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "liboar-perl" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-admin" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-admin-dbgsym" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-api" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-common" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-common-dbgsym" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-doc" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-node" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-restful-api" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-restful-api-dbgsym" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-server" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-server-dbgsym" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-server-mysql" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-server-pgsql" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-user" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-user-dbgsym" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-user-mysql" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-user-pgsql" }, { "binary_version": "2.5.2-4.1ubuntu0.1~esm1", "binary_name": "oar-web-status" } ] }