Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

SUSE Manager 3.1: 2018:2608-1 Important Cobbler Security Fix

suse
Calendar Grey September 4, 2018
Dist Suse Esm H88
The new release for SUSE Manager tackles significant vulnerabilities in cobbler through strategic solutions and improved access management.
An update that solves three vulnerabilities and has three fixes is now available

Summary

This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Fix kernel options when generating bootiso (bsc#1101670) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1832=1 Package List: - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.17.1

References

#1101670 #1104189 #1104190 #1104287 #1105440

#1105442

Cross- CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931

Affected Products:

SUSE Manager Server 3.1

https://www.suse.com/security/cve/CVE-2018-1000225.html

https://www.suse.com/security/cve/CVE-2018-1000226.html

https://www.suse.com/security/cve/CVE-2018-10931.html

https://bugzilla.suse.com/1101670

https://bugzilla.suse.com/1104189

https://bugzilla.suse.com/1104190

https://bugzilla.suse.com/1104287

https://bugzilla.suse.com/1105440

https://bugzilla.suse.com/1105442

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2608-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.