Bug 811920 (CVE-2011-4953)
Summary: | CVE-2011-4953 cobbler: Privilege escalation by processing of crafted management parameters | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | awood, dgoodwin, jpazdziora, rcvalle, shenson, vanmeeuwen+fedora |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 16:33:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 811942, 811943 | ||
Bug Blocks: | 811959 |
Description
Jan Lieskovsky
2012-04-12 10:31:25 UTC
This issue affects the versions of the cobbler package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update. As of right now, this issue did NOT affect the current versions of the cobbler package, as shipped with Fedora release of 15 and 16 (the cobbler-2.0.11-3.* versions). But since there are cobbler-2.2.2-1.fc* versions scheduled to get next stable versions and these are affected too, please schedule Fedora release 15 and 16 cobbler package versions updates too. Created cobbler tracking bugs for this issue Affects: fedora-all [bug 811942] Affects: epel-all [bug 811943] Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/12/10 Statement: This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as it did not include the upstream commit d7b30b5fca5097c544ca37ade8c945a3106b1896 that introduced this flaw. |