Fedora Update Notification
2022-03-11 14:43:31.710611

Name        : cobbler
Product     : Fedora 35
Version     : 3.2.2
Release     : 10.fc35
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server.  Cobbler supports PXE, ISO
virtualized installs, and re-installing existing Linux machines.
The last two modes use a helper tool, 'koan', that integrates with
cobbler.  There is also a web interface 'cobbler-web'.  Cobbler's
advanced features include importing distributions from DVDs and rsync
mirrors, kickstart templating, integrated yum mirroring, and built-in
DHCP/DNS Management.  Cobbler has a XML-RPC API for integration with
other applications.

Update Information:

Security fix for CVE-2021-45082, CVE-2021-45083

* Wed Mar  2 2022 Orion Poplawski  - 3.2.2-10
- More complete fix for CVE-2021-45083 - enforce permissions in %post
* Tue Mar  1 2022 Orion Poplawski  - 3.2.2-9
- Apply fixes for CVE-2021-45082/3
- Remove BR on python3-coverage

  [ 1 ] Bug #2056391 - CVE-2021-45082 cobbler: incomplete template sanitization [fedora-all]
  [ 2 ] Bug #2056394 - CVE-2021-45083 cobbler: unsafe permissions on sensitive files in /etc/cobbler [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-0c6402a6a3' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure