crmsh-4.3.1+20210913.d7356663-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10700 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z crmsh-4.3.1+20210913.d7356663-1.2 on GA media These are all security issues fixed in the crmsh-4.3.1+20210913.d7356663-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10700 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10700 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-35459/ SUSE CVE CVE-2020-35459 page openSUSE Tumbleweed crmsh-4.3.1+20210913.d7356663-1.2 crmsh-scripts-4.3.1+20210913.d7356663-1.2 crmsh-test-4.3.1+20210913.d7356663-1.2 crmsh-4.3.1+20210913.d7356663-1.2 as a component of openSUSE Tumbleweed crmsh-scripts-4.3.1+20210913.d7356663-1.2 as a component of openSUSE Tumbleweed crmsh-test-4.3.1+20210913.d7356663-1.2 as a component of openSUSE Tumbleweed An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. CVE-2020-35459 openSUSE Tumbleweed:crmsh-4.3.1+20210913.d7356663-1.2 openSUSE Tumbleweed:crmsh-scripts-4.3.1+20210913.d7356663-1.2 openSUSE Tumbleweed:crmsh-test-4.3.1+20210913.d7356663-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-35459.html CVE-2020-35459 https://bugzilla.suse.com/1179999 SUSE Bug 1179999