openSUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0382-1
Rating:             important
References:         #1203478 #1204900 #1205489 #1205749 #1206060 #1206160
                    #1206520 #1207595 #1209149 #1219933 #1231332
Cross-References:   CVE-2024-47533
CVSS scores:
                    CVE-2024-47533 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that solves one vulnerability and has 10 fixes is now available.

Description:

This update for cobbler fixes the following issues:

Update to 3.3.7:

* Security: Fix issue that allowed anyone to connect to the API as admin
  (CVE-2024-47533, boo#1231332)
* bind - Fix bug that prevents cname entries from being generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the profile was edited

Update to 3.3.6:

* Upstream all openSUSE specific patches that were maintained in Git
* Fix rename of items that had uppercase letters
* Skip inconsistent collections instead of crashing the daemon

- Update to 3.3.5:
  * Added collection indices for UUIDs, MACs, IP addresses and hostnames
    (boo#1219933)
  * Re-added to_dict() caching
  * Added lazy loading for the daemon (off by default)
- Update to 3.3.4:
  * Added cobbler-tests-containers subpackage
  * Updated the distro_signatures.json database
  * The default name for grub2-efi changed to grubx64.efi to match the DHCP
    template
- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix settings migration schema to work while upgrading on existing running
  Uyuni and SUSE Manager servers running with old Cobbler settings
  (boo#1203478)
- Consider case of "next_server" being a hostname during migration of Cobbler
  collections.
- Fix problem with "proxy_url_ext" setting being None type.
- Update v2 to v3 migration script to allow migration of collections that
  contain settings from Cobbler 2. (boo#1203478)
- Fix problem for the migration of "autoinstall" collection attribute.
- Fix failing Cobbler tests after upgrading to 3.3.3.
- Fix regression: allow empty string as interface_type value (boo#1203478)
- Avoid possible override of existing values during migration of collections
  to 3.0.0 (boo#1206160)
- Add missing code for previous patch file around boot_loaders migration.
- Improve Cobbler performance with item cache and threadpool (boo#1205489)
- Skip collections that are inconsistent instead of crashing (boo#1205749)
- Items: Fix creation of "default" NetworkInterface (boo#1206520)
- S390X systems require their kernel options to have a linebreak at 79
  characters (boo#1207595)
- settings-migration-v1-to-v2.sh will now handle paths with whitespace
  correctly
- Fix renaming Cobbler items (boo#1204900, boo#1209149)
- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
  (boo#1206060)
- Add input_string_*, input_boolean, input_int functions to public API

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

    zypper in -t patch openSUSE-2024-382=1

Package List:

- openSUSE Backports SLE-15-SP5 (noarch):

    cobbler-3.3.7-bp155.2.3.2
    cobbler-tests-3.3.7-bp155.2.3.2
    cobbler-tests-containers-3.3.7-bp155.2.3.2

References:

https://www.suse.com/security/cve/CVE-2024-47533.html
https://bugzilla.suse.com/1203478
https://bugzilla.suse.com/1204900
https://bugzilla.suse.com/1205489
https://bugzilla.suse.com/1205749
https://bugzilla.suse.com/1206060
https://bugzilla.suse.com/1206160
https://bugzilla.suse.com/1206520
https://bugzilla.suse.com/1207595
https://bugzilla.suse.com/1209149
https://bugzilla.suse.com/1219933
https://bugzilla.suse.com/1231332
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-76d8603c78
2024-11-26 04:38:12.122771+00:00
--------------------------------------------------------------------------------

Name        : cobbler
Product     : Fedora 40
Version     : 3.3.7
Release     : 1.fc40
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized
installs, and re-installing existing Linux machines. The last two modes use a
helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features
include importing distributions from DVDs and rsync mirrors, kickstart
templating, integrated yum mirroring, and built-in DHCP/DNS Management.
Cobbler has an XML-RPC API for integration with other applications.
--------------------------------------------------------------------------------
Update Information:

Update to 3.3.7 - CVE-2024-47533
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1
- Update to 3.3.7 (CVE-2024-47533)
* Fri Sep 27 2024 Carl George - 3.3.6-2
- Fix cheetah dependency rhbz#2314630
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2326874 - cobbler-3.3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2326874
  [ 2 ] Bug #2327081 - CVE-2024-47533 cobbler: Cobbler allows anyone to connect
        to cobbler XML-RPC server with a known password and make changes
        [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2327081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-76d8603c78' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4f04edd1e7
2024-11-26 03:12:45.928809+00:00
--------------------------------------------------------------------------------

Name        : cobbler
Product     : Fedora 41
Version     : 3.3.7
Release     : 1.fc41
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized
installs, and re-installing existing Linux machines. The last two modes use a
helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features
include importing distributions from DVDs and rsync mirrors, kickstart
templating, integrated yum mirroring, and built-in DHCP/DNS Management.
Cobbler has an XML-RPC API for integration with other applications.
--------------------------------------------------------------------------------
Update Information:

Update to 3.3.7 - CVE-2024-47533
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1
- Update to 3.3.7 (CVE-2024-47533)
* Fri Sep 27 2024 Carl George - 3.3.6-2
- Fix cheetah dependency rhbz#2314630
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2326874 - cobbler-3.3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2326874
  [ 2 ] Bug #2327082 - CVE-2024-47533 cobbler: Cobbler allows anyone to connect
        to cobbler XML-RPC server with a known password and make changes
        [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2327082
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4f04edd1e7' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
openSUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0370-1
Rating:             critical
References:         #1231332
Cross-References:   CVE-2024-47533
CVSS scores:
                    CVE-2024-47533 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cobbler fixes the following issues:

Update to 3.3.7

* Security: Fix issue that allowed anyone to connect to the API as admin
  (CVE-2024-47533, boo#1231332)
* bind - Fix bug that prevents cname entries from being generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the profile was edited

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

    zypper in -t patch openSUSE-2024-370=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

    cobbler-3.3.7-bp156.2.6.1
    cobbler-tests-3.3.7-bp156.2.6.1
    cobbler-tests-containers-3.3.7-bp156.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-47533.html
https://bugzilla.suse.com/1231332
==========================================================================
Ubuntu Security Notice USN-6475-1
November 13, 2023

cobbler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Cobbler.

Software Description:
- cobbler: Cobbler is a versatile Linux deployment server

Details:

It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly use
this issue to read arbitrary files. (CVE-2014-3225)

It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this issue
to execute arbitrary code with high privileges. (CVE-2017-1000469,
CVE-2021-45082)

It was discovered that Cobbler did not properly hide private functions in a
class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location. (CVE-2018-10931,
CVE-2018-1000225, CVE-2018-1000226)

Nicolas Chatelain discovered that Cobbler did not properly handle user input,
which could result in log poisoning. A remote attacker could possibly use
this issue to bypass authorization, write in an arbitrary file, or execute
arbitrary code. (CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)

It was discovered that Cobbler did not properly handle file permissions
during package install or update operations. An attacker could possibly use
this issue to perform a privilege escalation attack. (CVE-2021-45083)

It was discovered that Cobbler did not properly process credentials for
expired accounts. An attacker could possibly use this issue to log in to the
platform with an expired account or password. (CVE-2022-0860)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  cobbler                         2.4.1-0ubuntu2+esm1
  cobbler-common                  2.4.1-0ubuntu2+esm1
  cobbler-web                     2.4.1-0ubuntu2+esm1
  koan                            2.4.1-0ubuntu2+esm1
  python-cobbler                  2.4.1-0ubuntu2+esm1
  python-koan                     2.4.1-0ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6475-1
  CVE-2014-3225, CVE-2017-1000469, CVE-2018-1000225, CVE-2018-1000226,
  CVE-2018-10931, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325,
  CVE-2021-45082, CVE-2021-45083, CVE-2022-0860
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-445ec90e7c
2022-03-31 01:13:49.967881
--------------------------------------------------------------------------------

Name        : cobbler
Product     : Fedora 35
Version     : 3.2.2
Release     : 9.fc35
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized
installs, and re-installing existing Linux machines. The last two modes use a
helper tool, 'koan', that integrates with cobbler. There is also a web
interface 'cobbler-web'. Cobbler's advanced features include importing
distributions from DVDs and rsync mirrors, kickstart templating, integrated
yum mirroring, and built-in DHCP/DNS Management. Cobbler has an XML-RPC API
for integration with other applications.
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2022-0860
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 1 2022 Orion Poplawski - 3.2.2-9
- Apply fixes for CVE-2021-45082/3
- Remove BR on python3-coverage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2066593 - CVE-2022-0860 cobbler: Improper Authorization in cobbler
        [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2066593
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-445ec90e7c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-ad2b0ad61b
2022-03-31 00:40:22.401109
--------------------------------------------------------------------------------

Name        : cobbler
Product     : Fedora 34
Version     : 3.2.2
Release     : 11.fc34
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized
installs, and re-installing existing Linux machines. The last two modes use a
helper tool, 'koan', that integrates with cobbler. There is also a web
interface 'cobbler-web'. Cobbler's advanced features include importing
distributions from DVDs and rsync mirrors, kickstart templating, integrated
yum mirroring, and built-in DHCP/DNS Management. Cobbler has an XML-RPC API
for integration with other applications.
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2022-0860
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 23 2022 Orion Poplawski - 3.2.2-11
- Add upstream patch for CVE-2022-0860 (bz#2066592)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2066593 - CVE-2022-0860 cobbler: Improper Authorization in cobbler
        [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2066593
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-ad2b0ad61b' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f1510aa454
2022-03-26 14:56:28.653368
--------------------------------------------------------------------------------

Name        : cobbler
Product     : Fedora 36
Version     : 3.3.1
Release     : 1.fc36
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized
installs, and re-installing existing Linux machines. The last two modes use a
helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features
include importing distributions from DVDs and rsync mirrors, kickstart
templating, integrated yum mirroring, and built-in DHCP/DNS Management.
Cobbler has an XML-RPC API for integration with other applications.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-45082, CVE-2021-45083
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 1 2022 Orion Poplawski - 3.3.1-1
- Update to 3.3.1, removes web interface
* Tue Mar 1 2022 Orion Poplawski - 3.2.2-9
- Apply fixes for CVE-2021-45082/3
- Remove BR on python3-coverage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2056391 - CVE-2021-45082 cobbler: incomplete template sanitization
        [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2056391
  [ 2 ] Bug #2056394 - CVE-2021-45083 cobbler: unsafe permissions on sensitive
        files in /etc/cobbler [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2056394
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f1510aa454' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------