DSA-1959-1 ganeti -- missing input sanitationID: oval:org.secpod.oval:def:600286 | Date: (C)2011-05-13 (M)2023-11-09 |
Class: PATCH | Family: unix |
It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master. For the stable distribution , this problem has been fixed in version 1.2.6-3+lenny2. For the testing distribution , this problem will be fixed in version 2.0.5-1. For the unstable distribution , this problem has been fixed in version 2.0.5-1. The oldstable distribution does not include ganeti. We recommend that you upgrade your ganeti packages.