1193676 – (cobbler_config_check) AUDIT-FIND: COBBLER - Missing sanity check on server config file

Bug 1193676 (cobbler_config_check) - AUDIT-FIND: COBBLER - Missing sanity check on server config file

Summary: AUDIT-FIND: COBBLER - Missing sanity check on server config file

Status:	RESOLVED FIXED

Alias:	cobbler_config_check

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Enhancement
Target Milestone:	---
Assignee:	Enno Gotthold
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	1191952
	Show dependency tree / graph

Clone This Bug

Reported:	2021-12-13 14:00 UTC by Paolo Perego
Modified:	2024-01-17 09:24 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 2 Thomas Leroy 2022-02-08 16:01:16 UTC

The following codestreams should be affected:
- SUSE:SLE-11-SP3:Update/cobbler
- SUSE:SLE-11-SP3:Update:Products:ManagerToolsBeta:Update/cobbler	
- SUSE:SLE-12:Update/cobbler
- SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/cobbler 	
- SUSE:SLE-15-SP2:Update:Products:Manager41:Update/cobbler
- SUSE:SLE-15-SP3:Update:Products:Manager42:Update/cobbler		
- SUSE:SLE-15-SP4:Update:Products:Manager43:Update/cobbler
- openSUSE:Factory/cobbler
- openSUSE:Backports:SLE-15-SP3/cobbler
- openSUSE:Backports:SLE-15-SP4:Update/cobbler

Koan is not affected.

Comment 6 OBSbugzilla Bot 2022-02-18 11:50:20 UTC

This is an autogenerated message for OBS integration:
This bug (1193676) was mentioned in
https://build.opensuse.org/request/show/955837 Backports:SLE-15-SP3 / cobbler

Comment 7 Swamp Workflow Management 2022-02-18 14:29:46 UTC

SUSE-SU-2022:0510-1: An update that solves two vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1193671,1193673,1193675,1193676,1193678,1195906,1195918
CVE References: CVE-2021-45082,CVE-2021-45083
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2022-02-18 14:32:18 UTC

SUSE-SU-2022:0509-1: An update that solves two vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1193671,1193673,1193675,1193676,1193678,1195906,1195918
CVE References: CVE-2021-45082,CVE-2021-45083
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src):    cobbler-3.1.2-150300.5.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Paolo Perego 2022-02-18 14:39:46 UTC

Fiexd in upstream commit: https://github.com/cobbler/cobbler/commit/d398da8e6e20067de6f0d6a96c6ce0a49e6178bc

Comment 10 Swamp Workflow Management 2022-03-01 20:20:43 UTC

openSUSE-SU-2022:0062-1: An update that solves 6 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1184561,1185679,1186124,1189458,1193671,1193673,1193675,1193676,1193678,1194333,1195906,1195918
CVE References: CVE-2021-40323,CVE-2021-40324,CVE-2021-40325,CVE-2021-45082,CVE-2021-45083,CVE-2021-45942
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    openexr-2.2.1-3.41.1
openSUSE Backports SLE-15-SP3 (src):    cobbler-3.1.2-bp153.2.3.1