Fedora 38: 2024-31e83b461d moderate: Fix Cockpit Command Injection
fedora
April 18, 2024
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
Summary
The Cockpit Web Console enables users to administer GNU/Linux servers using a
web browser.
It offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.
Update Information:
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
Change Log
* Tue Apr 2 2024 Packit
References
[ 1 ] Bug #2271815 - CVE-2024-2947 cockpit: command injection when deleting a sosreport with a crafted name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271815
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-31e83b461d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Name: cockpit
Product: Fedora 38
Version: 311.2
Release: 1.fc38
Summary: Web Console for Linux servers
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!