Glances: Arbitrary Code Execution — GLSA 202402-30

A vulnerability has been found in Glances which may lead to arbitrary code execution.

Affected packages

sys-process/glances on all architectures
Affected versions < 3.1.7
Unaffected versions >= 3.1.7

Background

Glances is an open-source, cross-platform system monitoring tool. It allows real-time monitoring of various aspects of your system, such as CPU, memory, disk, and network usage.

Description

A vulnerability in XML parsing may lead to a variety of XML attacks.

Impact

A vulnerability in XML parsing may lead to a variety of XML attacks.

Workaround

There is no known workaround at this time.

Resolution

All Glances users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-process/glances-3.1.7"
 

References

Release date
February 26, 2024

Latest revision
February 26, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries