Univention Bugzilla – Full Text Bug Listing |
Summary: | Remove univention-updater backdoor (code execution exploit) | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | UMC - Software update | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | hahn, requate |
Version: | UCS 4.4 | Flags: | best: Patch_Available+ |
Target Milestone: | UCS 4.4-5-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | 6.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C) | ||
Bug Depends on: | 43026 | ||
Bug Blocks: |
Description
Florian Best
2020-07-15 13:39:56 CEST
Introduced in Bug #43026 git:ed67b2c9671e0b0b6e095b4878e350f4f17ab83f.

[4.4-5] faa060bb38 Bug #51672: univention-updater 14.0.2-15
 base/univention-updater/debian/changelog | 6 ++++++
 base/univention-updater/umc/python/updater/__init__.py | 2 +-
 doc/errata/staging/univention-updater.yaml | 13 +++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)

Package: univention-updater
Version: 14.0.2-15A~4.4.0.202007230944
Branch: ucs_4.4-0
Scope: errata4.4-5

[4.4-5] 45d6b34437 Bug #51672: univention-updater 14.0.2-15A~4.4.0.202007230944
 doc/errata/staging/univention-updater.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

QA:
python -c "import requests,yaml;version='4.4-5';url='https://updates.software-univention.de/download/ucs-maintenance/{}.yaml'.format(version);response=requests.get(url, timeout=10);status=yaml.safe_load(response.content);print(status)"

bc55543151 | Advisory wording

Verified:
* Code change
* UCS release update via UMC from 4.4-4 to 4.4-5 with patched version