Security update for cobbler
This update for cobbler fixes the following issues:
The following security issue has been fixed:
- CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)
Additionally, the following non-security issues have been fixed:
- Fix signature for SLES15. (bsc#1075014)
- Detect if there is already another instance of "cobbler sync" running and exit with failure if so. (bsc#1081714)
- Add SLES 15 distro profile. (bsc#1090205)
- Require tftp(server) instead of atftp.
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Benjamin Brunner (BenniBrunner)
Fixed bugs
bnc#1074594
CVE-2017-1000469: cobbler: command injection vulnerability in the "add repo" component
bnc#1075014
Cobbler import of SLES 15 iso is failing
bnc#1081714
L3: cobbler sync fails sporadically when run after a cobbler system add
bnc#1090205
Autoinstallation error
