FEDORA-2021-4def184821 created by orion a month ago for Fedora 33
stable
  • Migrate settings to settings.yaml
  • Migrate pre-cobbler 3 data if needed
  • Fix autoinstall_templates -> templates

Update to 3.2.2

New:

  • Signatures: Add ESXi 7.0 U1 #2525 #2526 #2442
  • AlmaLinux & RockyLinux are now supported
  • Signatures: Add generic openSUSE Leap 15 #2508
  • Settings: Use .yaml as a file extension #2531
  • Settings: Validate what settings we have in the YAML-File #2533 #2419 #2530
  • Modules: We now support automatic Windows installations #2466
  • Docs: Terraform provider now included #2166 #2528

Changes:

  • Web Frontend: Show VMware as a breed #2449
  • Logging check fails with SELinux #2440 #2441
  • Typing: Convert docstring types to typing types #2564
  • ESXi Support: Now partly supported #2541
  • ipmitool now is upstream supported by fence_agents via ipmilanplus #2542
  • cobbler version remove the b prefix #2543
  • We are now using inst.ks instead of ks #2534
  • Use the python-file bindings instead of a subprocess call #2482 #2480
  • Web Interface: Make new user management more obvious #2484

Bugfixes:

  • Remove redundant .json suffix: #2451 #2376 #2545 #2529
  • PAM Authentication failures are fixed now: #2400 #2444
  • Templating: Fix Cheetah macros #2570 #2509 #2403
  • Templating: Fix regex replacements #2513
  • Templating: Add http_port to all snippets we are aware of #2058
  • API: Have the legacy fields kickstart and ks_meta present at all times. #2311 #2568
  • Replicate: revert_strip_none prior adding an object on replicate #2548 #2505
  • Replicate: Fix paths during replication #2516
  • Web interface: Fix snippet path #2520
  • Web interface: Prevent duplicate pathing of snippets #2485
  • Fix script path from Cobbler #2479 #2478
  • Settings: Add missing rsync flags option #2467 #2468
  • Startup: Cobbler starts with sub-profiles now #2259 #2450
  • Web: Permissions for /var/lib/cobbler/web.ss #2439 #2452
  • Power management: Follow the fence_agent return codes #1491
  • cobbler check: Fix dnsmasq check #2155

Other:

  • Cleanup unused import #2551
  • Docs: Improvements at various places #2547 #2481 #2473 #1801 #2228
  • Removed unused multi-language support #2532
  • Un-categorized improvements #2524 #2464
  • Items: Streamline template_types type in all items #2262

Breaking Changes:

  • The settings file may not be migrated correctly and may need to be adjusted manually.
  • Rename settings to settings.yaml
  • Add all keys which are missing. The list will be available in /var/log/cobbler/cobbler.log.
  • We dropped support for CentOS 7 since no full Python 3 stack is available #2515

Fedora

  • bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
  • bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
  • bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings

How to install

sudo dnf upgrade --advisory=FEDORA-2021-4def184821

  • This update has been submitted for testing by orion. (a month ago)
  • This update's test gating status has been changed to 'ignored'. (a month ago)
  • This update's test gating status has been changed to 'waiting'. (a month ago)
  • This update has obsoleted cobbler-3.2.2-1.fc33, and has inherited its bugs and notes. (a month ago)
  • This update's test gating status has been changed to 'ignored'. (a month ago)
  • This update has been pushed to testing. (a month ago)
  • This update has been submitted for stable by bodhi. (3 weeks ago)
  • This update has been pushed to stable. (3 weeks ago)


Metadata

  • Type: security
  • Severity: high
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: a month ago
  • in testing: a month ago
  • in stable: 3 weeks ago

  • BZ#2006840 CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method
  • BZ#2006884 CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method [fedora-all]
  • BZ#2006897 CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function
  • BZ#2006902 CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function [fedora-all]
  • BZ#2006904 CVE-2021-40325 cobbler: Authorization bypass allows modifying settings
  • BZ#2006906 CVE-2021-40325 cobbler: Authorization bypass allows modifying settings [fedora-all]
