File cve-2018-10931-forbid-exposure-of-private-methods-in.patch of Package cobbler.9541
From 7595977573184d2be3ff35188601efd6806f158c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
<psuarezhernandez@suse.com>
Date: Fri, 10 Aug 2018 10:59:04 +0100
Subject: [PATCH] CVE-2018-10931 - forbid exposure of private methods in
the API
---
cobbler/remote.py | 2 ++
1 file changed, 2 insertions(+)
Index: cobbler-2.6.6/cobbler/remote.py
===================================================================
--- cobbler-2.6.6.orig/cobbler/remote.py
+++ cobbler-2.6.6/cobbler/remote.py
@@ -2075,6 +2075,8 @@ class ProxiedXMLRPCInterface:
self.logger = self.proxied.api.logger
def _dispatch(self, method, params, **rest):
+ if method.startswith('_'):
+ raise CX("forbidden method")
if not hasattr(self.proxied, method):
raise CX("unknown remote method")
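Review bot: The guard added at the top of `_dispatch` is a prefix denylist, so any attribute of `self.proxied` whose name does not begin with an underscore still passes to the `hasattr` lookup below, whether or not it was intended as a remote method. Checking the name against an explicit list of exported methods before the lookup would make the exposed surface a deliberate decision rather than a naming convention. The check also deserves a comment stating why it exists, e.g. `# method name is chosen by the XML-RPC caller; never resolve private attributes (CVE-2018-10931)`, and rejected names could be logged through `self.logger` so that probing of the API is visible to operators. The body of `_dispatch` continues past the end of this hunk, so how the resolved attribute is invoked cannot be judged from here.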