Source: cobbler Version: 2.6.6+dfsg1-13 Severity: normal Tags: upstream security Forwarded: https://github.com/cobbler/cobbler/issues/1845
Hi, the following vulnerability was published for cobbler. CVE-2017-1000469[0]: | Cobbler version up to 2.8.2 is vulnerable to a command injection | vulnerability in the "add repo" component resulting in arbitrary code | execution as root user. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-1000469 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000469 [1] https://github.com/cobbler/cobbler/issues/1845 Regards, Salvatore