Описание
Security update for cobbler
This update for cobbler fixes the following issues:
- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).
The following non-security bugs were fixed:
- Move configuration files ownership to apache (bsc#1195906)
Список пакетов
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
koan-2.2.2-0.68.15.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
koan-2.2.2-0.68.15.1
Ссылки
- Link for SUSE-SU-2022:14891-1
- E-Mail link for SUSE-SU-2022:14891-1
- SUSE Security Ratings
- SUSE Bug 1193671
- SUSE Bug 1195906
- SUSE CVE CVE-2021-45083 page
Описание
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:koan-2.2.2-0.68.15.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:koan-2.2.2-0.68.15.1
Ссылки
- CVE-2021-45083
- SUSE Bug 1193671