==========================================================================
Ubuntu Security Notice USN-6711-1
March 25, 2024

crmsh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

CRM shell could be made to execute arbitrary code if it received
a specially crafted input.

Software Description:
- crmsh: CRM shell for the pacemaker cluster manager

Details:

Vincent Berg discovered that CRM shell incorrectly handled certain commands.
An local attacker could possibly use this issue to execute arbitrary code
via shell code injection to the crm history commandline.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  crmsh                           4.2.0-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6711-1
  CVE-2020-35459

Package Information:
  https://launchpad.net/ubuntu/+source/crmsh/4.2.0-2ubuntu1.1