update for cobbler
Specially crafted YAML could allow attackers to execute arbitrary code due to
the use of yaml.load instead of yaml.safe_load.
Cobbler-web was prone to Cross-Site-Request-Forgery (CSRF)
-
Submitted by
Uwe Gansert (ug)
Fixed bugs
bnc#757316
cobbler: multiple CSRF vulnerabilities in web interface
bnc#757062
cobbler: privilege escalation flaw / local root
bnc#757479
cobbler-web: privilege escalation via PYTHON_EGG_CACHE
CVE-CVE-2011-4953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2011-4952
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2011-4954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
