--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f1510aa454
2022-03-26 14:56:28.653368
--------------------------------------------------------------------------------
Name : cobbler
Product : Fedora 36
Version : 3.3.1
Release : 1.fc36
URL :
https://cobbler.github.io/
Summary : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO
virtualized installs, and re-installing existing Linux machines. The
last two modes use a helper tool, 'koan', that integrates with cobbler.
Cobbler's advanced features include importing distributions from DVDs
and rsync mirrors, kickstart templating, integrated yum mirroring, and
built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration
with other applications.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-45082, CVE-2021-45083
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 1 2022 Orion Poplawski <orion(a)nwra.com> - 3.3.1-1
- Update to 3.3.1, removes web interface
* Tue Mar 1 2022 Orion Poplawski <orion(a)nwra.com> - 3.2.2-9
- Apply fixes for CVE-2021-45082/3
- Remove BR on python3-coverage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2056391 - CVE-2021-45082 cobbler: incomplete template sanitization
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2056391
[ 2 ] Bug #2056394 - CVE-2021-45083 cobbler: unsafe permissions on sensitive files in
/etc/cobbler [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2056394
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f1510aa454' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------