========================================================================== Ubuntu Security Notice USN-6711-1 March 25, 2024
crmsh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: CRM shell could be made to execute arbitrary code if it received a specially crafted input. Software Description: - crmsh: CRM shell for the pacemaker cluster manager Details: Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: crmsh 4.2.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6711-1 CVE-2020-35459 Package Information: https://launchpad.net/ubuntu/+source/crmsh/4.2.0-2ubuntu1.1
signature.asc
Description: PGP signature
