File _patchinfo of Package patchinfo.7535

<patchinfo incident="7535">
  <category>security</category>
  <rating>moderate</rating>
  <packager>BenniBrunner</packager>
  <summary>Security update for cobbler</summary>
  <description>This update for cobbler fixes the following issues:

The following security issue has been fixed:

- CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594)

Additionally, the following non-security issues have been fixed:

- Fix signature for SLES15. (bsc#1075014)
- Detect if there is already another instance of "cobbler sync" running and exit with failure if so. (bsc#1081714)
- Add SLES 15 distro profile. (bsc#1090205)
- Require tftp(server) instead of atftp.
</description>
  <issue tracker="cve" id="2017-1000469"/>
  <issue id="1074594" tracker="bnc">CVE-2017-1000469: cobbler: command injection vulnerability in the "add repo" component</issue>
  <issue id="1075014" tracker="bnc">Cobbler import of SLES 15 iso is failing</issue>
  <issue id="1081714" tracker="bnc">L3: cobbler sync fails sporadically when run after a cobbler system add</issue>
  <issue id="1090205" tracker="bnc">Autoinstallation error</issue>
</patchinfo>