Описание
ELSA-2019-0482: cockpit security update (MODERATE)
[173.2-1.0.1]
- turn off display of subscriptions menu item in GUI
- Drop subscription-manager requirement since we do not ship it (tianyue.lan@oralce.com)
- Remove Red Hat references.
[173.2-1]
- ws: Fix bug parsing invalid base64 headers rhbz#1672296
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
cockpit
173.2-1.0.1.el7
cockpit-bridge
173.2-1.0.1.el7
cockpit-doc
173.2-1.0.1.el7
cockpit-machines-ovirt
173.2-1.0.1.el7
cockpit-system
173.2-1.0.1.el7
cockpit-ws
173.2-1.0.1.el7
Oracle Linux x86_64
cockpit
173.2-1.0.1.el7
cockpit-bridge
173.2-1.0.1.el7
cockpit-doc
173.2-1.0.1.el7
cockpit-machines-ovirt
173.2-1.0.1.el7
cockpit-system
173.2-1.0.1.el7
cockpit-ws
173.2-1.0.1.el7
Связанные CVE
Связанные уязвимости
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode ...
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.