Overview Details

File _patchinfo of Package patchinfo

<patchinfo>
  <issue id="757316" tracker="bnc">cobbler: multiple CSRF vulnerabilities in web interface</issue>
  <issue id="757062" tracker="bnc">cobbler: privilege escalation flaw / local root</issue>
  <issue id="757479" tracker="bnc">cobbler-web: privilege escalation via PYTHON_EGG_CACHE</issue>
  <issue id="CVE-2011-4953" tracker="cve" />
  <issue id="CVE-2011-4952" tracker="cve" />
  <issue id="CVE-2011-4954" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>ug</packager>
  <description>Specially crafted YAML could allow attackers to execute arbitrary code due to
the use of yaml.load instead of yaml.safe_load.

Cobbler-web was prone to Cross-Site-Request-Forgery (CSRF)</description>
  <summary>update for cobbler</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places