Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 16.04 LTS USN-6475-1 Moderate: Cobbler Input Handling Attacks

ubuntu
Calendar Grey November 15, 2023
Dist Ubuntu Esm H88
Recent security advisories for Ubuntu 16.04 LTS address crucial vulnerabilities in Cobbler, as detailed in security update USN-6475-1. Explore the nature of these risks.
Several security issues were fixed in Cobbler.

Summary

Several security issues were fixed in Cobbler.

Software Description:

- cobbler: Cobbler is a versatile Linux deployment server

Details:

It was discovered that Cobbler did not properly handle user input, which

could result in an absolute path traversal. An attacker could possibly

use this issue to read arbitrary files. (CVE-2014-3225)

It was discovered that Cobbler did not properly handle user input, which

could result in command injection. An attacker could possibly use this

issue to execute arbitrary code with high privileges.

(CVE-2017-1000469, CVE-2021-45082)

It was discovered that Cobbler did not properly hide private functions in

a class. A remote attacker could possibly use this issue to gain high

privileges and upload files to an arbitrary location.

(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)

Nicolas Chatelain discovered that Cobbler did not properly handle user

input, which could result in log poisoning. A remote attacker could

possibl...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   cobbler                         2.4.1-0ubuntu2+esm1
   cobbler-common                  2.4.1-0ubuntu2+esm1
   cobbler-web                     2.4.1-0ubuntu2+esm1
   koan                            2.4.1-0ubuntu2+esm1
   python-cobbler                  2.4.1-0ubuntu2+esm1
   python-koan                     2.4.1-0ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6475-1

CVE-2014-3225, CVE-2017-1000469, CVE-2018-1000225, CVE-2018-1000226,

CVE-2018-10931, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325,

CVE-2021-45082, CVE-2021-45083, CVE-2022-0860

Ubuntu Security Notice USN-6475-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here