Описание
ELSA-2024-3667: cockpit security update (MODERATE)
[310.4-1.0.1]
- Update documentation links [Orabug: 34706402]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 33862832]
- Update documentation links [Orabug: 32795691]
- Make documentation links point to Oracle Linux information [Orabug: 30271413] [Orabug: 32013095]
- Fix rendering of hwinfo page on systems with some empty memory slots [Orabug: 32826970]
[310.4-1]
- sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-30452)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
cockpit
310.4-1.0.1.el8_10
cockpit-bridge
310.4-1.0.1.el8_10
cockpit-doc
310.4-1.0.1.el8_10
cockpit-system
310.4-1.0.1.el8_10
cockpit-ws
310.4-1.0.1.el8_10
Oracle Linux x86_64
cockpit
310.4-1.0.1.el8_10
cockpit-bridge
310.4-1.0.1.el8_10
cockpit-doc
310.4-1.0.1.el8_10
cockpit-system
310.4-1.0.1.el8_10
cockpit-ws
310.4-1.0.1.el8_10
Связанные CVE
Связанные уязвимости
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name ...
