Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 27: FEDORA-2018-f96f72ce8f Critical: COBBLER Remote Code Execution

fedora
Calendar Grey June 20, 2018
Dist Fedora Esm H88
Cobbler security fix for remote code execution in Fedora 27. Apply this update to secure your system against threats.
Update to 2.8.3 - Fix security issue

Summary

Cobbler is a network install server. Cobbler supports PXE, ISO

virtualized installs, and re-installing existing Linux machines.

The last two modes use a helper tool, 'koan', that integrates with

cobbler. There is also a web interface 'cobbler-web'. Cobbler's

advanced features include importing distributions from DVDs and rsync

mirrors, kickstart templating, integrated yum mirroring, and built-in

DHCP/DNS Management. Cobbler has a XMLRPC API for integration with

other applications.

Update to 2.8.3 - Fix security issue

* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2

- Restore mergeability with epel7

* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1

- Update to 2.8.3 - security bugfix

* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6

- Really fix django requires for Fedora 28+

* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5

- Fix django requires for Fedora 28+

* Fri Feb 9 2018 Igor Gnatenko - 2.8.2-4

- Escape macros in %changelog

* Wed Feb 7 2018 Fedora Release Engineering - 2.8.2-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Tue Feb 6 2018 Iryna Shcherbina - 2.8.2-2

- Update Python 2 dependency declarations to new packaging standards

[ 1 ] Bug #1532470 - CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1532470

su -c 'dnf upgrade --advisory FEDORA-2018-f96f72ce8f' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4FXW2VWYD67GT3VFBKAP4YXVKL2IHGO/

Topics%20covered

Topics Covered

security advisory security issue fedora critical software update remote code execution cobbler

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 2.8.3
Release: 2.fc27
URL: https://cobbler.github.io/
Summary: Boot server configurator

Topics%20covered

Topics Covered

security advisory security issue fedora critical software update remote code execution cobbler

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here