CVE-2014-5247

Priority
Description
The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py
in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable
permissions for the configuration backup file, which allows local users to
obtain SSL keys, remote API credentials, and other sensitive information by
reading the file, related to the upgrade command.
Package
Upstream: released (2.11.5-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.15.2-3)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): needed
Patches:
Upstream: http://git.ganeti.org/?p=ganeti.git;a=commit;h=a89f62e2db9ccf715d64d1a6322474b54d2d9ae0
More Information

Updated: 2019-01-14 21:15:54 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)