SUSE-SU-2018:1741-1

Опубликовано: 19 июн. 2018

Источник: suse-cvrf

Описание

Security update for cobbler

This update for cobbler fixes the following issues:

CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)
Fix for calling koan with virt_type kvm. (bsc#1090205)

Список пакетов

SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS

koan-2.2.2-0.68.3.1

SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS

koan-2.2.2-0.68.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181741-1/
Link for SUSE-SU-2018:1741-1
https://lists.suse.com/pipermail/sle-security-updates/2018-June/004198.html
E-Mail link for SUSE-SU-2018:1741-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1074594
SUSE Bug 1074594
https://bugzilla.suse.com/1090205
SUSE Bug 1090205
https://www.suse.com/security/cve/CVE-2017-1000469/
SUSE CVE CVE-2017-1000469 page

Описание

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:koan-2.2.2-0.68.3.1

SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:koan-2.2.2-0.68.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000469.html
CVE-2017-1000469
https://bugzilla.suse.com/1074594
SUSE Bug 1074594

SUSE-SU-2018:1741-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS

SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS

Ссылки

Уязвимость: CVE-2017-1000469

Описание

Затронутые продукты

Ссылки