Описание
ELSA-2024-3843: cockpit security update (MODERATE)
[311.2-1.0.1]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095], [Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876]
- Update spec file for new release
[311.2]
- Remove recommends on subscription-manager-cockpit if applicable
[311.2-1]
- sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-31074)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
cockpit
311.2-1.0.1.el9_4
cockpit-bridge
311.2-1.0.1.el9_4
cockpit-doc
311.2-1.0.1.el9_4
cockpit-packagekit
311.2-1.0.1.el9_4
cockpit-pcp
311.2-1.0.1.el9_4
cockpit-storaged
311.2-1.0.1.el9_4
cockpit-system
311.2-1.0.1.el9_4
cockpit-ws
311.2-1.0.1.el9_4
Oracle Linux x86_64
cockpit
311.2-1.0.1.el9_4
cockpit-bridge
311.2-1.0.1.el9_4
cockpit-doc
311.2-1.0.1.el9_4
cockpit-packagekit
311.2-1.0.1.el9_4
cockpit-pcp
311.2-1.0.1.el9_4
cockpit-storaged
311.2-1.0.1.el9_4
cockpit-system
311.2-1.0.1.el9_4
cockpit-ws
311.2-1.0.1.el9_4
Связанные CVE
Связанные уязвимости
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name ...
