openSUSE-SU-2024:0382-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0382-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0382-1
Published
2024-11-28T17:32:46Z
Modified
2024-11-28T17:32:46Z
Summary
Security update for cobbler
Details

This update for cobbler fixes the following issues:

Update to 3.3.7:

  • Security: Fix issue that allowed anyone to connect to the API as admin (CVE-2024-47533, boo#1231332)

  • bind - Fix bug that prevents cname entries from being generated successfully

  • Fix build on RHEL9 based distributions (fence-agents-all split)
  • Fix for Windows systems
  • Docs: Add missing dependencies for source installation
  • Fix issue that prevented systems from being synced when the profile was edited

Update to 3.3.6:

  • Upstream all openSUSE specific patches that were maintained in Git
  • Fix rename of items that had uppercase letters
  • Skip inconsistent collections instead of crashing the daemon

Update to 3.3.5:

  • Added collection indices for UUIDs, MACs, IP addresses and hostnames (boo#1219933)
  • Re-added to_dict() caching
  • Added lazy loading for the daemon (off by default)

Update to 3.3.4:

  • Added cobbler-tests-containers subpackage

  • Updated the distro_signatures.json database
  • The default name for grub2-efi changed to grubx64.efi to match the DHCP template

    • Do generate boot menus even if no profiles or systems - only local boot
    • Avoid crashing running buildiso in certain conditions.
    • Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
    • Consider case of 'next_server' being a hostname during migration of Cobbler collections.
    • Fix problem with 'proxyurlext' setting being None type.
    • Update v2 to v3 migration script to allow migration of collections that contains settings from Cobbler 2. (boo#1203478)
    • Fix problem for the migration of 'autoinstall' collection attribute.
    • Fix failing Cobbler tests after upgrading to 3.3.3.
    • Fix regression: allow empty string as interface_type value (boo#1203478)
    • Avoid possible override of existing values during migration of collections to 3.0.0 (boo#1206160)
    • Add missing code for previous patch file around boot_loaders migration.
    • Improve Cobbler performance with item cache and threadpool (boo#1205489)
    • Skip collections that are inconsistent instead of crashing (boo#1205749)
    • Items: Fix creation of 'default' NetworkInterface (boo#1206520)
    • S390X systems require their kernel options to have a linebreak at 79 characters (boo#1207595)
    • settings-migration-v1-to-v2.sh will now handle paths with whitespace correctly
    • Fix renaming Cobbler items (boo#1204900, boo#1209149)
    • Fix cobbler buildiso so that the artifact can be booted by EFI firmware. (boo#1206060)
    • Add inputstring*, inputboolean, inputint functions to public API

Affected packages

SUSE:Package Hub 15 SP5 / cobbler

Package

Name
cobbler
Purl
pkg:rpm/suse/cobbler&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3.7-bp155.2.3.2

Ecosystem specific

{
    "binaries": [
        {
            "cobbler": "3.3.7-bp155.2.3.2",
            "cobbler-tests-containers": "3.3.7-bp155.2.3.2",
            "cobbler-tests": "3.3.7-bp155.2.3.2"
        }
    ]
}

openSUSE:Leap 15.5 / cobbler

Package

Name
cobbler
Purl
pkg:rpm/opensuse/cobbler&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3.7-bp155.2.3.2

Ecosystem specific

{
    "binaries": [
        {
            "cobbler": "3.3.7-bp155.2.3.2",
            "cobbler-tests-containers": "3.3.7-bp155.2.3.2",
            "cobbler-tests": "3.3.7-bp155.2.3.2"
        }
    ]
}