SUSE-SU-2018:1736-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181736-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1736-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1736-1
Related
Published
2018-06-19T13:50:31Z
Modified
2018-06-19T13:50:31Z
Summary
Security update for cobbler
Details

This update for cobbler fixes the following issues:

The following security issue has been fixed:

  • CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)

Additionally, the following non-security issues have been fixed:

  • Fix signature for SLES15. (bsc#1075014)
  • Detect if there is already another instance of 'cobbler sync' running and exit with failure if so. (bsc#1081714)
  • Add SLES 15 distro profile. (bsc#1090205)
  • Require tftp(server) instead of atftp.
References

Affected packages

SUSE:HPE Helion OpenStack 8 / cobbler

Package

Name
cobbler
Purl
pkg:rpm/suse/cobbler&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.6-49.9.1

Ecosystem specific

{
    "binaries": [
        {
            "cobbler": "2.6.6-49.9.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / cobbler

Package

Name
cobbler
Purl
pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.6-49.9.1

Ecosystem specific

{
    "binaries": [
        {
            "cobbler": "2.6.6-49.9.1"
        }
    ]
}

SUSE:Manager Client Tools 12 / cobbler

Package

Name
cobbler
Purl
pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.6-49.9.1

Ecosystem specific

{
    "binaries": [
        {
            "koan": "2.6.6-49.9.1"
        }
    ]
}

SUSE:Manager Server 3.0 / cobbler

Package

Name
cobbler
Purl
pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.6-49.9.1

Ecosystem specific

{
    "binaries": [
        {
            "cobbler": "2.6.6-49.9.1"
        }
    ]
}