{"id":"MGASA-2017-0263","summary":"Updated supervisor packages fix security vulnerability","details":"A vulnerability has been found where an authenticated client can send a\nmalicious XML-RPC request to supervisord that will run arbitrary shell\ncommands on the server. The commands will be run as the same user as\nsupervisord. Depending on how supervisord has been configured, this may\nbe root (CVE-2017-11610).\n","modified":"2026-04-16T06:25:11.348735501Z","published":"2017-08-13T13:17:41Z","upstream":["CVE-2017-11610"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0263.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21477"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/"}],"affected":[{"package":{"name":"supervisor","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/supervisor?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0263.json"}},{"package":{"name":"supervisor","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/supervisor?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0263.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}