
SUSE: 2022:3750-1 Moderate: Cobbler DoS and XML Injection Fixes

October 26, 2022
New patch released for SUSE Manager Server 4.3, addressing vulnerabilities and introducing enhancements.
An update that solves 5 vulnerabilities, contains one feature and has 40 fixes is now available.

Summary

This update fixes the following issues:

cobbler:

- Consider case of "next_server" being a hostname during migration of Cobbler collections.
- Fix problem with "proxy_url_ext" setting being None type.
- Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager servers running with old Cobbler settings (bsc#1203478)
- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix issue that a custom kernel with the extension ".kernel" is not accepted by "cobbler distro add"
- Fix issue with "get_item_resolved_value" that prevented it from returning in cases where a complex object would have been returned
- Fix issue where the logs would have been spammed with "grab_tree" messages that are meant for debugging

References

#1191857 #1195624 #1196729 #1197027 #1198168

#1198903 #1199726 #1200480 #1200573 #1200629

#1201210 #1201220 #1201260 #1201589 #1201626

#1201753 #1201788 #1201913 #1201918 #1202271

#1202272 #1202367 #1202455 #1202464 #1202602

#1202728 #1202729 #1202805 #1202899 #1203026

#1203049 #1203056 #1203169 #1203287 #1203288

#1203385 #1203406 #1203422 #1203449 #1203478

#1203484 #1203564 #1203585 #1203611 #1204208

SUMA-112

Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138

CVE-2022-0860 CVE-2022-31129

CVSS scores:

CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Announcement ID: SUSE-SU-2022:3750-1
Rating: moderate
