It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master. For the stable distribution , this problem has been fixed in version 1.2.6-3+lenny2. For the testing distribution , this problem will be fixed in version 2.0.5-1. For the unstable distribution , this problem has been fixed in version 2.0.5-1. The oldstable distribution does not include ganeti. We recommend that you upgrade your ganeti packages.