Stay Secure with the Latest Linux Advisories

security advisoryFedorafile permissions

Fedora 36: 2022-f1510aa454 Moderate: Cobbler File Permissions Issue

Security fix for CVE-2021-45082, CVE-2021-45083. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-f1510aa454 2022-03-26 14:56:28.653368 --------------------------------------------------------------------------------Name : cobbler Product : Fedora 36 Version : 3.3.1 Release : 1.fc36 URL : https://cobbler.github.io/ Summary : Boot server configurator Description : Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring, and built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration with other applications. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-45082, CVE-2021-45083 --------------------------------------------------------------------------------ChangeLog: * Tue Mar 1 2022 Orion Poplawski - 3.3.1-1 - Update to 3.3.1, removes web interface * Tue Mar 1 2022 Orion Poplawski - 3.2.2-9 - Apply fixes for CVE-2021-45082/3 - Remove BR on python3-coverage --------------------------------------------------------------------------------References: [ 1 ] Bug #2056391 - CVE-2021-45082 cobbler: incomplete template sanitization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2056391 [ 2 ] Bug #2056394 - CVE-2021-45083 cobbler: unsafe permissions on sensitive files in /etc/cobbler [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2056394 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-f1510aa454' at the command line. For moreinformation, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . The recent Cobbler patch addressing CVE-2021-45082 and CVE-2021-45083 effectively mitigates vulnerabilities affecting Fedora 36 installations.. Cobbler Update, Fedora Security, Security Fix, File Permissions. . LinuxSecurity.com Team

Mar 26, 2022 Fedora