Security Release for issue4155


Published: 2014-09-30 10:00:00+00:00

Synopsis

duesenfranz has found a vulnerability in trytond that might allow a malicious user to execute arbitrary commands on the server via the safe_eval function (see issue4155).

Impact

Any authenticated user can run arbitrary commands on the server with the permissions of the trytond user.

Workaround

There is no workaround.

Resolution

All users should upgrade trytond to the latest version of the series they use.

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.