openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2024:0382-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856754

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2024:0382-1)

Resumen: The remote host is missing an update for the 'cobbler' package(s) announced via the openSUSE-SU-2024:0382-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cobbler' package(s) announced via the openSUSE-SU-2024:0382-1 advisory.

Vulnerability Insight:
This update for cobbler fixes the following issues:

Update to 3.3.7:

* Security: Fix issue that allowed anyone to connect to the API
as admin (CVE-2024-47533, boo#1231332)

* bind - Fix bug that prevents cname entries from being
generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the
profile was edited

Update to 3.3.6:

* Upstream all openSUSE specific patches that were maintained in Git
* Fix rename of items that had uppercase letters
* Skip inconsistent collections instead of crashing the daemon

- Update to 3.3.5:
* Added collection indicies for UUID's, MAC's, IP addresses and hostnames
boo#1219933
* Re-added to_dict() caching
* Added lazy loading for the daemon (off by default)

- Update to 3.3.4:

* Added cobbler-tests-containers subpackage
* Updated the distro_signatures.json database
* The default name for grub2-efi changed to grubx64.efi to match
the DHCP template

- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix settings migration schema to work while upgrading on existing running
Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
- Consider case of 'next_server' being a hostname during migration
of Cobbler collections.
- Fix problem with 'proxy_url_ext' setting being None type.
- Update v2 to v3 migration script to allow migration of collections
that contains settings from Cobbler 2. (boo#1203478)
- Fix problem for the migration of 'autoinstall' collection attribute.
- Fix failing Cobbler tests after upgrading to 3.3.3.
- Fix regression: allow empty string as interface_type value (boo#1203478)
- Avoid possible override of existing values during migration
of collections to 3.0.0 (boo#1206160)
- Add missing code for previous patch file around boot_loaders migration.
- Improve Cobbler performance with item cache and threadpool (boo#1205489)
- Skip collections that are inconsistent instead of crashing (boo#1205749)
- Items: Fix creation of 'default' NetworkInterface (boo#1206520)
- S390X systems require their kernel options to have a linebreak at
79 characters (boo#1207595)
- settings-migration-v1-to-v2.sh will now handle paths with whitespace
correct
- Fix renaming Cobbler items (boo#1204900, boo#1209149)
- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
(boo#1206060)
- Add input_string_*, input_boolean, input_int functiont to public API

Affected Software/OS:
'cobbler' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-47533

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856754
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2024:0382-1)
Resumen:	The remote host is missing an update for the 'cobbler' package(s) announced via the openSUSE-SU-2024:0382-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cobbler' package(s) announced via the openSUSE-SU-2024:0382-1 advisory. Vulnerability Insight: This update for cobbler fixes the following issues: Update to 3.3.7: * Security: Fix issue that allowed anyone to connect to the API as admin (CVE-2024-47533, boo#1231332) * bind - Fix bug that prevents cname entries from being generated successfully * Fix build on RHEL9 based distributions (fence-agents-all split) * Fix for Windows systems * Docs: Add missing dependencies for source installation * Fix issue that prevented systems from being synced when the profile was edited Update to 3.3.6: * Upstream all openSUSE specific patches that were maintained in Git * Fix rename of items that had uppercase letters * Skip inconsistent collections instead of crashing the daemon - Update to 3.3.5: * Added collection indicies for UUID's, MAC's, IP addresses and hostnames boo#1219933 * Re-added to_dict() caching * Added lazy loading for the daemon (off by default) - Update to 3.3.4: * Added cobbler-tests-containers subpackage * Updated the distro_signatures.json database * The default name for grub2-efi changed to grubx64.efi to match the DHCP template - Do generate boot menus even if no profiles or systems - only local boot - Avoid crashing running buildiso in certain conditions. - Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478) - Consider case of 'next_server' being a hostname during migration of Cobbler collections. - Fix problem with 'proxy_url_ext' setting being None type. - Update v2 to v3 migration script to allow migration of collections that contains settings from Cobbler 2. (boo#1203478) - Fix problem for the migration of 'autoinstall' collection attribute. - Fix failing Cobbler tests after upgrading to 3.3.3. - Fix regression: allow empty string as interface_type value (boo#1203478) - Avoid possible override of existing values during migration of collections to 3.0.0 (boo#1206160) - Add missing code for previous patch file around boot_loaders migration. - Improve Cobbler performance with item cache and threadpool (boo#1205489) - Skip collections that are inconsistent instead of crashing (boo#1205749) - Items: Fix creation of 'default' NetworkInterface (boo#1206520) - S390X systems require their kernel options to have a linebreak at 79 characters (boo#1207595) - settings-migration-v1-to-v2.sh will now handle paths with whitespace correct - Fix renaming Cobbler items (boo#1204900, boo#1209149) - Fix cobbler buildiso so that the artifact can be booted by EFI firmware. (boo#1206060) - Add input_string_*, input_boolean, input_int functiont to public API Affected Software/OS: 'cobbler' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-47533
Copyright	Copyright (C) 2024 Greenbone AG