SUSE Package Hub - openSUSE-2024-370

Update Info

openSUSE-2024-370

Security update for cobbler

Type: security

Severity: critical

Issued: 2024-11-21

Description:

This update for cobbler fixes the following issues:

Update to 3.3.7

* Security: Fix issue that allowed anyone to connect to the API
  as admin (CVE-2024-47533, boo#1231332)
* bind - Fix bug that prevents cname entries from being
  generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the
  profile was edited

References

CVE: CVE-2024-47533
Bugzilla: 1231332 VUL-0: CVE-2024-47533: cobbler: Authentication Exploit

Packages

cobbler-3.3.7-bp156.2.6.1