
Test ID: 1.3.6.1.4.1.25623.1.0.856754
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (openSUSE-SU-2024:0382-1)
Summary: The remote host is missing an update for the 'cobbler' package(s) announced via the openSUSE-SU-2024:0382-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'cobbler' package(s) announced via the openSUSE-SU-2024:0382-1 advisory.

Vulnerability Insight:
This update for cobbler fixes the following issues:

Update to 3.3.7:

* Security: Fix issue that allowed anyone to connect to the API
as admin (CVE-2024-47533, boo#1231332)

* bind - Fix bug that prevents cname entries from being
generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the
profile was edited

Update to 3.3.6:

* Upstream all openSUSE specific patches that were maintained in Git
* Fix rename of items that had uppercase letters
* Skip inconsistent collections instead of crashing the daemon

Update to 3.3.5:

* Added collection indices for UUIDs, MACs, IP addresses and hostnames
(boo#1219933)
* Re-added to_dict() caching
* Added lazy loading for the daemon (off by default)

Update to 3.3.4:

* Added cobbler-tests-containers subpackage
* Updated the distro_signatures.json database
* The default name for grub2-efi changed to grubx64.efi to match
the DHCP template

- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix settings migration schema to work while upgrading on existing running
Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
- Consider case of 'next_server' being a hostname during migration
of Cobbler collections.
- Fix problem with 'proxy_url_ext' setting being None type.
- Update v2 to v3 migration script to allow migration of collections
that contains settings from Cobbler 2. (boo#1203478)
- Fix problem for the migration of 'autoinstall' collection attribute.
- Fix failing Cobbler tests after upgrading to 3.3.3.
- Fix regression: allow empty string as interface_type value (boo#1203478)
- Avoid possible override of existing values during migration
of collections to 3.0.0 (boo#1206160)
- Add missing code for previous patch file around boot_loaders migration.
- Improve Cobbler performance with item cache and threadpool (boo#1205489)
- Skip collections that are inconsistent instead of crashing (boo#1205749)
- Items: Fix creation of 'default' NetworkInterface (boo#1206520)
- S390X systems require their kernel options to have a linebreak at
79 characters (boo#1207595)
- settings-migration-v1-to-v2.sh will now handle paths with whitespace
correctly
- Fix renaming Cobbler items (boo#1204900, boo#1209149)
- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
(boo#1206060)
- Add input_string_*, input_boolean, input_int functions to public API

Affected Software/OS:
'cobbler' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-47533
Copyright: Copyright (C) 2024 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.