openSUSE-SU-2018:1770-1

Published: 21 Jun 2018
Source: suse-cvrf

Description

Security update for cobbler

This update for cobbler fixes the following issues:

The following security issue has been fixed:

  • CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)

Additionally, the following non-security issues have been fixed:

  • Fix signature for SLES15. (bsc#1075014)
  • Detect if there is already another instance of 'cobbler sync' running and exit with failure if so. (bsc#1081714)
  • Add SLES 15 distro profile. (bsc#1090205)
  • Require tftp(server) instead of atftp.

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.3
cobbler-2.6.6-14.1
cobbler-tests-2.6.6-14.1
cobbler-web-2.6.6-14.1
koan-2.6.6-14.1

Description

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.


Affected products
openSUSE Leap 42.3:cobbler-2.6.6-14.1
openSUSE Leap 42.3:cobbler-tests-2.6.6-14.1
openSUSE Leap 42.3:cobbler-web-2.6.6-14.1
openSUSE Leap 42.3:koan-2.6.6-14.1
