Synopsis: Moderate: luci security, bug fix, and enhancement update Advisory ID: SLSA-2014:1390-2 Issue Date: 2014-10-14 CVE Numbers: CVE-2014-3593 -- It was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci. (CVE-2014-3593) -- SL6 x86_64 luci-0.26.0-63.el6.x86_64.rpm luci-debuginfo-0.26.0-63.el6.x86_64.rpm i386 luci-0.26.0-63.el6.i686.rpm luci-debuginfo-0.26.0-63.el6.i686.rpm - Scientific Linux Development Team