All ProjectsArch LinuxCommunity PackagesPacmanRelease Engineering Switch

Show Task #

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

Tasklist

FS#69708 - [ipmitool] [Security] arbitrary code execution (CVE-2020-5208)

Task Type Bug Report Category Security Status Closed Assigned To Florian Pritz (bluewind) Levente Polyak (anthraxx) Architecture All Severity High Priority Normal Reported Version Due in Version Undecided Due Date Undecided Percent Complete Votes 0 Private No

Details Summary ======= The package ipmitool is vulnerable to arbitrary code execution via CVE-2020-5208. Guidance ======== Applying the six commits referenced below fixes the issue. References ========== https://security.archlinux.org/AVG-1596 https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637