File _patchinfo of Package patchinfo.18667

<patchinfo incident="18667">
  <issue tracker="cve" id="2024-47533"/>
  <issue tracker="bnc" id="1205749"></issue>
  <issue tracker="bnc" id="1203478"></issue>
  <issue tracker="bnc" id="1204900"></issue>
  <issue tracker="bnc" id="1209149"></issue>
  <issue tracker="bnc" id="1219933"></issue>
  <issue tracker="bnc" id="1206520"></issue>
  <issue tracker="bnc" id="1231332">VUL-0: CVE-2024-47533: cobbler: Authentication Exploit</issue>
  <issue tracker="bnc" id="1205489"></issue>
  <issue tracker="bnc" id="1206060"></issue>
  <issue tracker="bnc" id="1207595"></issue>
  <issue tracker="bnc" id="1206160"></issue>
  <packager>PSuarezHernandez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for cobbler</summary>
  <description>This update for cobbler fixes the following issues:

Update to 3.3.7:

  * Security: Fix issue that allowed anyone to connect to the API
    as admin (CVE-2024-47533, boo#1231332)

  * bind - Fix bug that prevents cname entries from being
    generated successfully
  * Fix build on RHEL9 based distributions (fence-agents-all split)
  * Fix for Windows systems
  * Docs: Add missing dependencies for source installation
  * Fix issue that prevented systems from being synced when the
    profile was edited

Update to 3.3.6:

  * Upstream all openSUSE specific patches that were maintained in Git
  * Fix rename of items that had uppercase letters
  * Skip inconsistent collections instead of crashing the daemon

- Update to 3.3.5:
  * Added collection indices for UUIDs, MACs, IP addresses and hostnames
    boo#1219933
  * Re-added to_dict() caching
  * Added lazy loading for the daemon (off by default)

- Update to 3.3.4:

  * Added cobbler-tests-containers subpackage
  * Updated the distro_signatures.json database
  * The default name for grub2-efi changed to grubx64.efi to match
    the DHCP template

- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing when running buildiso under certain conditions.
- Fix settings migration schema to work while upgrading on existing running
  Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
- Consider case of "next_server" being a hostname during migration
  of Cobbler collections.
- Fix problem with "proxy_url_ext" setting being None type.
- Update v2 to v3 migration script to allow migration of collections
  that contain settings from Cobbler 2. (boo#1203478)
- Fix problem for the migration of "autoinstall" collection attribute.
- Fix failing Cobbler tests after upgrading to 3.3.3.
- Fix regression: allow empty string as interface_type value (boo#1203478) 
- Avoid possible override of existing values during migration
  of collections to 3.0.0 (boo#1206160)
- Add missing code for previous patch file around boot_loaders migration.
- Improve Cobbler performance with item cache and threadpool (boo#1205489)
- Skip collections that are inconsistent instead of crashing (boo#1205749)
- Items: Fix creation of "default" NetworkInterface (boo#1206520)
- S390X systems require their kernel options to have a linebreak at
  79 characters (boo#1207595)
- settings-migration-v1-to-v2.sh will now handle paths with whitespace
  correctly
- Fix renaming Cobbler items (boo#1204900, boo#1209149)
- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
  (boo#1206060)
- Add input_string_*, input_boolean, input_int functions to public API
</description>
</patchinfo>