It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.
https://security-tracker.debian.org/tracker/DSA-5655-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-5655-1
Continue reading...