===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.2981
ros-actionlib security update
31 August 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           ros-actionlib
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10289

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2357

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running ros-actionlib check for an updated version of the software
         for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2357-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/
August 30, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ros-actionlib
Version        : 1.11.7-1+deb9u1
CVE ID         : CVE-2020-10289
Debian Bug     :

Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS
actionlib library.

For Debian 9 stretch, this problem has been fixed in version
1.11.7-1+deb9u1.

We recommend that you upgrade your ros-actionlib packages.

For the detailed security status of ros-actionlib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ros-actionlib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
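
The bug class named in the advisory, unsafe YAML loading, can be audited for in your own Python code. The following is an added example, not part of the bulletin or of ros-actionlib's code: it assumes the PyYAML API (yaml.load, yaml.load_all, yaml.safe_load and the SafeLoader family) and flags load calls that do not pass a safe Loader. The sample source it scans is constructed.

```python
import ast

# Assumption: PyYAML naming. These Loader classes build only plain data types.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
RISKY_CALLS = {"load", "load_all"}            # safe only with a safe Loader
ALWAYS_UNSAFE = {"unsafe_load", "unsafe_load_all"}


def _loader_name(call):
    """Return the Loader class name passed to the call, or None if absent."""
    node = None
    if len(call.args) >= 2:                   # yaml.load(stream, Loader)
        node = call.args[1]
    for kw in call.keywords:                  # yaml.load(stream, Loader=...)
        if kw.arg == "Loader":
            node = kw.value
    if isinstance(node, ast.Attribute):       # yaml.SafeLoader
        return node.attr
    if isinstance(node, ast.Name):            # SafeLoader imported by name
        return node.id
    return None


def find_unsafe_yaml_loads(source, filename="<string>"):
    """Return sorted [(line, call)] for yaml load calls lacking a safe Loader."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        func = getattr(node, "func", None)
        if not (isinstance(node, ast.Call) and isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name) and func.value.id == "yaml"):
            continue
        if func.attr in ALWAYS_UNSAFE or (
                func.attr in RISKY_CALLS and _loader_name(node) not in SAFE_LOADERS):
            findings.append((node.lineno, "yaml." + func.attr))
    return sorted(findings)


# Constructed sample source, not taken from ros-actionlib.
SAMPLE = '''\
import yaml
goal = yaml.load(text)
cfg = yaml.load(text, Loader=yaml.SafeLoader)
ok = yaml.safe_load(text)
docs = yaml.load_all(stream, Loader=yaml.Loader)
'''

if __name__ == "__main__":
    for line, call in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: {call} without a safe Loader")
```

The scanner only recognises calls written as yaml.<name>(...); a module imported under an alias or a loader chosen at run time needs manual review.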
The post ESB-2020.2981 - [Linux][Debian] ros-actionlib: Execute arbitrary code/commands - Existing account first appeared on Malware Devil.
https://www.malwaredevil.com/2020/08/31/esb-2020-2981-linuxdebian-ros-actionlib-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2981-linuxdebian-ros-actionlib-execute-arbitrary-code-commands-existing-account