Sicherheit: Ausführen beliebiger Kommandos in cobbler
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in cobbler
ID: FEDORA-2018-52ee188215
Distribution: Fedora
Plattformen: Fedora 28
Datum: Mi, 20. Juni 2018, 17:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000469
Applikationen: Cobbler


Fedora Update Notification
2018-06-20 14:46:13.328609

Name : cobbler
Product : Fedora 28
Version : 2.8.3
Release : 2.fc28
URL : http://cobbler.github.io/
Summary : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO
virtualized installs, and re-installing existing Linux machines.
The last two modes use a helper tool, 'koan', that integrates with
cobbler. There is also a web interface 'cobbler-web'. Cobbler's
advanced features include importing distributions from DVDs and rsync
mirrors, kickstart templating, integrated yum mirroring, and built-in
DHCP/DNS Management. Cobbler has a XMLRPC API for integration with
other applications.

Update Information:

Update to 2.8.3 - Fix security issue

* Mon May 28 2018 Nicolas Chauvet <kwizart@gmail.com> - 2.8.3-2
- Restore mergeability with epel7
* Mon May 28 2018 Nicolas Chauvet <kwizart@gmail.com> - 2.8.3-1
- Update to 2.8.3 - security bugfix

[ 1 ] Bug #1532470 - CVE-2017-1000469 cobbler: Command injection in the
"add repo" component allows for remote code execution [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-52ee188215' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQV2FJBUBMMCYHCBQCHV3DFG7AH2HET3/
Pro-Linux @Facebook
Neue Nachrichten