Security Information / 2014 / Security Information -- DSA-3013-1 s3ql

Debian Security Advisory

DSA-3013-1 s3ql -- security update

Date Reported:

27 Aug 2014

Affected Packages:

s3ql

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-0485.

More information:

Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.11.1-3+deb7u1.

We recommend that you upgrade your s3ql packages.