
A supervisor update has been released for Debian 7 LTS

Package : supervisor
Version : 3.0a8-1.1+deb7u2
CVE ID : CVE-2017-11610
Debian Bug : 870187

A vulnerability has been found in supervisor, a system for controlling
process state, where an authenticated client can send a malicious
XML-RPC request to supervisord that will run arbitrary shell commands
on the server. The commands will be run as the same user as supervisord.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your supervisor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: