Cobbler command injection vulnerability (CVE-2017-1000469)
Bug #1742098 reported by Adam Heczko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Fuel for OpenStack | Fix Released | Medium | MOS Maintenance |
7.0.x | New | Medium | MOS Maintenance |
8.0.x | New | Medium | MOS Maintenance |
Bug Description
Detailed bug description:
Cobbler versions up to 2.8.2 are vulnerable to a command injection vulnerability in the "add repo" component, resulting in arbitrary code execution as the root user.
The Fuel node ships with Cobbler, which is used for cloud deployment purposes. Although the Cobbler API is not intended to be used over the network in the Fuel use case, we need to provide updated Cobbler packages.
description: updated
Changed in fuel:
assignee: nobody → MOS Maintenance (mos-maintenance)
Changed in fuel:
milestone: 9.x-updates → 9.2-mu-5
status: New → Confirmed
Changed in fuel:
status: Confirmed → Fix Committed
sla2 for 9.0-updates