Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 3 Nov 2014 17:54:30 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: luci on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: luci security, bug fix, and enhancement update Advisory ID: SLSA-2014:1390-2 Issue Date: 2014-10-14 CVE Numbers: CVE-2014-3593 -- It was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci. (CVE-2014-3593) -- SL6 x86_64 luci-0.26.0-63.el6.x86_64.rpm luci-debuginfo-0.26.0-63.el6.x86_64.rpm i386 luci-0.26.0-63.el6.i686.rpm luci-debuginfo-0.26.0-63.el6.i686.rpm - Scientific Linux Development Team