Security update for cobbler (moderate)

2018-06-2112:07:52

lists.opensuse.org

0.004 Low

EPSS

Percentile

72.9%

JSON

This update for cobbler fixes the following issues:

The following security issue has been fixed:

CVE-2017-1000469: Escape shell parameters provided by the user for the
reposync action. (bsc#1074594)

Additionally, the following non-security issues have been fixed:

Fix signature for SLES15. (bsc#1075014)
Detect if there is already another instance of "cobbler sync" running
and exit with failure if so. (bsc#1081714)
Add SLES 15 distro profile. (bsc#1090205)
Require tftp(server) instead of atftp.

This update was imported from the SUSE:SLE-12:Update update project.

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3noarchcobbler< 2.6.6-14.1cobbler-2.6.6-14.1.noarch.rpm
openSUSE Leap42.3noarchkoan< 2.6.6-14.1koan-2.6.6-14.1.noarch.rpm
openSUSE Leap42.3noarchcobbler-web< 2.6.6-14.1cobbler-web-2.6.6-14.1.noarch.rpm
openSUSE Leap42.3noarchcobbler-tests< 2.6.6-14.1cobbler-tests-2.6.6-14.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE Leap	42.3	noarch	cobbler	< 2.6.6-14.1	cobbler-2.6.6-14.1.noarch.rpm
openSUSE Leap	42.3	noarch	koan	< 2.6.6-14.1	koan-2.6.6-14.1.noarch.rpm
openSUSE Leap	42.3	noarch	cobbler-web	< 2.6.6-14.1	cobbler-web-2.6.6-14.1.noarch.rpm
openSUSE Leap	42.3	noarch	cobbler-tests	< 2.6.6-14.1	cobbler-tests-2.6.6-14.1.noarch.rpm