[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2021:0046-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":26,"duplicates":27,"related":28,"reserved_at":9,"published_at":35,"modified_at":36,"state":9,"summary":37,"references_raw":39,"kevs":328,"epss":9,"epss_history":329,"metrics":330,"affected":331},"OPENSUSE-SU-2021:0046-1","Security update for cobbler\n\nThis update for cobbler fixes the following issues:\n\n- Add cobbler-tests subpackage for unit testing for openSUSE/SLE \n- Adds LoadModule definitions for openSUSE/SLE\n- Switch to new refactored auth module.\n\n- use systemctl to restart cobblerd on logfile rotation (boo#1169207)\n  Mainline logrotate conf file uses already /sbin/service instead of\n  outdated: /etc/init.d/cobblerd\n- Fix cobbler sync for DHCP or DNS (boo#1169553)\n  Fixed mainline by commit 2d6cfe42da\n- Signatures file now uses 'default_autoinstall' which fixes import\n  problem happening with some distributions (boo#1159010)\n  \n- Fix for kernel and initrd detection (boo#1159010)\n\n- New:\n  * For the distro there is now a parameter remote_boot_initrd and remote_boot_kernel ()\n  * For the profile there is now a parameter filename for DHCP. (#2280)\n  * Signatures for ESXi 6 and 7 (#2308)\n  * The hardlink command is now detected more dynamically and thus more error resistant (#2297)\n  * HTTPBoot will now work in some cases out of the bug. (#2295)\n  * Additional DNS query for a case where the wrong record was queried in the nsupdate system case (#2285)\n- Changes:\n  * Enabled a lot of tests, removed some and implemented new. (#2202)\n  * Removed not used files from the codebase. (#2302)\n  * Exchanged mkisofs to xorrisofs. (#2296)\n  * Removed duplicate code. (#2224)\n  * Removed unreachable code. 
(#2223)\n  * Snippet creation and deletion now works again via xmlrpc. (#2244)\n  * Replace createrepo with createrepo_c. (#2266)\n  * Enable Kerberos through having a case sensitive users.conf. (#2272)\n- Bugfixes:\n  * General various Bugfixes (#2331, )\n  * Makefile usage and commands. (#2344, #2304)\n  * Fix the dhcp template. (#2314)\n  * Creation of the management classes and gPXE. (#2310)\n  * Fix the scm_track module. (#2275, #2279)\n  * Fix passing the netdevice parameter correctly to the linuxrc. (#2263)\n  * powerstatus from cobbler now works thanks to a wrapper for ipmitool. (#2267)\n  * In case the LDAP is used for auth, it now works with ADs. (#2274)\n  * Fix passthru authentication. (#2271)\n- Other:\n  * Add Codecov. (#2229)\n  * Documentation updates. (#2333, #2326, #2305, #2249, #2268)\n  * Buildprocess:\n    *  Recreation and cleanup of Grub2. (#2278)\n    *  Fix small errors for openSUSE Leap. (#2233)\n    *  Fix rpmlint errors. (#2237)\n    *  Maximum compatibility for debbuild package creation. (#2255, #2292, #2242, #2300)\n  * Fixes related to our CI Pipeline (#2254, #2269)\n  * Internal Code cleanup (#2273, #2270)\n- Breaking Changes:\n  * Hash handling in users.digest file. 
(#2299) \n\n- Updated to version 3.1.1.\n  * Introduce new packaging from upstream\n  * Changelog see below\n- New:\n  * We are now having a cross-distro specfile which can be built in the OBS\n    (#2220) - before rewritten it was improved by #2144 & #2174\n  * Grub Submenu for net-booting machines (#2217)\n  * Building the Cent-OS RPMs in Docker (#2190 #2189)\n  * Reintroduced manpage build in setup.py (#2185)\n  * mgmt_parameters are now passed to the dhcp template (#2182)\n  * Using the standard Python3 logger instead of a custom one (#2160 #2139 #2151)\n  * Script for converting the settings file from 3.0.0 to 3.0.1 (#2154)\n  * Docs now inside the repo instead of cobbler.github.io and improved with sphinx (#2117)\n- Changes:\n  * The default tftpboot directory is now /var/lib/tftpboot instead of previously /srv/tftpboot (#2220)\n  * Distro signatures were adjusted where necessary (#2219 #2134)\n  * Removed requirements.txt and placed the requirements in setup.py (#2204)\n  * Display only entries in grub which are from the same arch (#2191 #2216)\n  * Change the name of the cobbler manpage from cobbler-cli to cobbler back and move it to section 8 (#2188 #2186)\n- Bugfixes:\n  * Incremented Version to 3.1.1 from 3.0.1\n  * S390 Support was cleaned up (#2207 #2178)\n  * PowerPC Support was cleaned up (#2178)\n  * Added a missing import while importing a distro with cobbler import (#2201)\n  * Fixed a case where a stacktrace would be produced so pass none instead (#2203)\n  * Rename of suse_kopts_textmode_overwrite to kops_overwrite to utils (#2143 #2200)\n  * Fix rsync subprocess call (#2199 #2179)\n  * Fixed an error where the template rendering did not work (#2176)\n  * Fixed some cobbler import errors (#2172)\n  * Wrong shebang in various scripts (#2148)\n  * Fix some imports which fixes errors introduced by the remodularization (#2150 #2153)\n- Other:\n  * Issue Templates for Github (#2187)\n\n- Update to latest git HEAD code base\n  This version (from 
mainline so for quite a while already)\n  also includes fixes for 'boo#1149075' and boo#1151875\n\n- Fix for cobbler import and buildiso (boo#1156574)\n- Adjusted manpage creation (needs sphinx as BuildRequires)\n- Fix cobbler sync for dhcp and dns enabled due to latest module\n  renaming patches\n\n- Update to latest git HEAD\n   - Fixes permission denied in apache2 context when trying to write\n     cobbler log\n   - Fixes a bad import in import_signature (item)\n   - Fixes bad shebang bash path in mkgrub.sh (used in post section)\n\n- Now track Github master branch\n  WARNING: This release contains breaking changes for your settings file! \n  * Notable changes:\n    - Now using standard python logger\n    - Updated dhcpd.template \n- Removed fix_shebang.patch: now in upstream. \n- added -s parameter to fdupes call to prevent hardlink across \n  partitions\n\n- Update to latest v3.0.0 cobbler release\n- Add previously added patch: exclude_get-loaders_command.patch to\n  the list of patches to apply.\n\n- Fix log file world readable (as suggested by Matthias Gerstner)\n  and change file attributes via attr in spec file\n- Do not allow get-loaders command (download of third party\n  provided network boot loaders we do not trust)\n- Mainline fixes:\n  3172d1df9b9cc8 Add missing help text in redhat_management_key field\n  c8f5490e507a72 Set default interface if cobbler system add has no\n                 --interface= param\n  31a1aa31d26c4a Remove apache IfVersion tags from apache configs\n\n- Integrated fixes that came in from mainline from other products\n  (to calm down obs regression checker):\n  CVE-2011-4953, fate#312397, boo#660126, boo#671212, boo#672471, boo#682665\n  boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610\n  boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699\n  boo#846580, boo#869371, boo#884051, boo#976826, boo#984998\n  Some older bugs need boo# references as well:\n  boo#660126, boo#671212, boo#672471, 
boo#682665\n  boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610\n  boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699\n  boo#846580, boo#869371, boo#884051\n\n- Fix for redhat_management_key not being listed as a choice\n  during profile rename (boo#1134588)\n- Added:\n  * rhn-mngmnt-key-field-fix.diff\n\n- Fixes distribution detection in setup.py for SLESo\n- Added:\n  * changes-detection-to-distro-like-for-suse-distributions.diff\n\n- Moving to pytest and adding Docker test integration\n- Added:\n  * add-docker-integration-testing.diff\n  * refactor-unittest-to-pytest.diff\n\n- Additional compatibility changes for old Koan versions.\n- Modified:\n  * renamed-methods-alias-part2.patch\n\n- Old Koan versions not only need method aliases, but also need\n  compatible responses\n- Added:\n  * renamed-methods-alias-part2.patch\n\n- Add the redhat_managment_* fields again to enable templating in SUMA.\n- Added:\n  * revert-redhat-management-removal.patch  \n\n- Changes return of last_modified_time RPC to float\n- Added:\n  * changes-return-to-float.diff\n\n- provide old name aliases for all renamed methods:\n  - get_distro_for_koan     =>  get_distro_as_rendered\n  - get_profile_for_koan    =>  get_profile_as_rendered\n  - get_system_for_koan     =>  get_system_as_rendered\n  - get_repo_for_koan       =>  get_repo_as_rendered\n  - get_image_for_koan      =>  get_image_as_rendered\n  - get_mgmtclass_for_koan  =>  get_mgmtclass_as_rendered\n  - get_package_for_koan    =>  get_package_as_rendered\n  - get_file_for_koan       =>  get_file_as_rendered\n- Renamed:\n  get_system_for_koan.patch => renamed-methods-alias.patch\n\n- provide renamed method 'get_system_for_koan' under old name\n  for old clients.\n- Added:\n  * get_system_for_koan.patch\n\n- Bring back power_system method in the XML-RPC API\n- Changed lanplus option to lanplus=true in fence_ipmitool.template\n- Added:\n  * power_system_xmlrpc_api.patch\n- Changed:\n  * 
fence_ipmitool.template\n\n- Disables nsupdate_enabled by default\n- Added:\n  * disable_nsupdate_enabled_by_default.diff\n\n- Fixes issue in distribution detection with 'lower' function call.\n- Modified:\n  * remodeled-distro-detection.diff  \n\n- Adds improved distribution detection. Since now all base products\n  get detected correctly, we no longer need the SUSE Manager patch.\n- Added:\n  * remodeled-distro-detection.diff  \n\n- fix grub directory layout\n- Added:\n  * create-system-directory-at-the-correct-place.patch\n\n- fix HTTP status code of XMLRPC service\n- Added:\n  * fix-http-status-code.patch\n\n- touch /etc/genders when it does not exist (boo#1128926)\n- Add patches to fix logging\n- Added:\n  * return-the-name-of-the-unknown-method.patch\n  * call-with-logger-where-possible.patch\n\n- Switching version schema from 3.0 to 3.0.0\n\n- Fixes case where distribution detection returns None (boo#1130658)\n- Added:\n  * fixes-distro-none-case.diff\n\n- Removes newline from token, which caused authentication error (boo#1128754)\n- Added:\n  * remove-newline-from-token.diff\n\n- Added a patch which fixes an exception when logging in with a non-root user.\n- Added:\n  * fix-login-error.patch\n\n- Added a patch which fixes an exception when logging in with a non-root user.\n- Added:\n  * fix-login-error.patch\n  \n\n- Remove patch merged at upstream:\n  * 0001-return-token-as-string.patch\n\n- change grub2-x86_64-efi dependency to Recommends\n\n- grub2-i386pc is not really required. Changed to recommended\n  to allow building for architectures other than x86_64\n\n- Use cdrtools starting with SLE-15 and Leap-15 again. 
(boo#1081739)\n- Update cobbler loaders server hostname (boo#980577)\n- Update outdated apache config (boo#956264)\n- Replace builddate with changelog date to fix build-compare (boo#969538)\n- LOCKFILE usage removed on openSUSE (boo#714618)\n- Power management subsystem completely re-worked to prevent\n  command-injection (CVE-2012-2395)\n- Removed patch merged at upstream:\n  * cobblerd_needs_apache2_service_started.patch\n\n- Checking bug fixes of released products are in latest develop pkg:\n  - remove fix-nameserver-search.fix; bug is invalid (boo#1029276)\n    -> not needed anymore\n  - fix cobbler yaboot handling (boo#968406, boo#966622)\n    -> no yaboot support anymore\n  - support UEFI boot with cobbler generated tftp tree (boo#1020376)\n    -> upstream\n  - Enabling PXE grub2 support for PowerPC (boo#986978)\n    -> We have grub2 support for ppc64le\n  - (boo#1048183) fix missing args and location for xen\n    -> is in\n  - no koan support anymore:\n    boo#969541, boo#924118, boo#967523\n  - not installed (boo#966841)\n    works.\n- These still have to be looked at:\n  SUSE system as systemd only (boo#952844)\n  handle list value for kernel options \n  correctly (boo#973413) \n  entry in pxe menu (boo#988889)\n- This still has to be switched off (at least in internal cobbler versions):\n  Disabling 'get-loaders' command and 'check' fixed. boo#973418\n\n- Add explicit require to tftp, so it is used for both SLE\n  and openSUSE (originally from jgonzalez@suse.com)\n- Moved Recommends according to spec_cleaner\n\n- Require latest apache2-mod_wsgi-python3 package\n  This fixes interface to http://localhost/cblr/svc/...\n- Use latest github cobbler/cobbler master branch in _service file\n- cobblerd_needs_apache2_service_started.patch reverted, that is mainline\n  now:\n- Only recommend grub2-arm and grub2-ppc packages or we might not be\n  able to build on factory where arm/ppc might not be built\n- Remove genders package requires. 
A genders file is generated, but\n  we do not need/use the genders package.\n\n- Update to latest cobbler version 3.0 mainline git HEAD version\n  and remove already integrated or not needed anymore patches.\n- Serial console support added, did some testing already\n  Things should start to work as expected\n\n- Add general grub2 support\n\n- Put mkgrub.* into mkgrub.sh\n\n- Add git date and commit to version string for now\n\n- Add grub2 mkimage scripts:\nmkgrub.i386-pc\nmkgrub.powerpc-ieee1275\nmkgrub.x86_64-efi\nmkgrub.arm64-efi\n  and generate grub executables with them in the %post section\n  \n\n- build server wants explicit package in BuildRequires; use tftp\n- require tftp(server) instead of atftp\n- cleanup: cobbler is noarch, so arch specific requires do not make\n  sense\n- SLES15 is using /etc/os-release instead of /etc/SuSE-release, use\n  this one for checking also\n- add sles15 distro profile (boo#1090205)\n- fix signature for SLES15 (boo#1075014)\n- fix signature for SLES15 (boo#1075014)\n- fix koan wait parameter initialization\n- Fix koan shebang\n- Escape shell parameters provided by the user for the\n  reposync action (CVE-2017-1000469) (boo#1074594)\n- detect if there is already another instance of 'cobbler sync'\n  running and exit with failure if so (boo#1081714)\n- do not try to hardlink to a symlink. 
The result will be a\n  dangling symlink in the general case (boo#1097733)\n- fix service restart after logrotate for cobblerd (boo#1113747)\n- rotate cobbler logs at higher frequency to prevent disk fillup\n  (boo#1113747)\n- Forbid exposure of private methods in the API (CVE-2018-10931)\n  (CVE-2018-1000225) (boo#1104287) (boo#1104189) (boo#1105442)\n- Check access token when calling 'modify_setting' API endpoint\n  (boo#1104190) (boo#1105440) (CVE-2018-1000226)\n",null,[],[],[],[14,16,18,20,22,24],{"_key":15},"CVE-2011-4953",{"_key":17},"CVE-2012-2395",{"_key":19},"CVE-2017-1000469",{"_key":21},"CVE-2018-1000225",{"_key":23},"CVE-2018-1000226",{"_key":25},"CVE-2018-10931",[],[],[29,30,31,32,33,34],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},"2021-01-11T09:25:38Z","2026-02-04T03:02:10.540001Z",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[40,46,51,55,59,63,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,127,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,215,219,223,227,231,235,239,243,247,251,255,259,263,267,271,275,279,283,287,291,295,299,303,308,312,316,320,324],{"url":41,"sources":42,"tags":44},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KL7UG4FHNZKUU44UQUG34HXRAOJ27FI2/",[43],"osv_opensuse",[45],"Advisory",{"url":47,"sources":48,"tags":49},"https://bugzilla.suse.com/1020376",[43],[50],"REPORT",{"url":52,"sources":53,"tags":54},"https://bugzilla.suse.com/1029276",[43],[50],{"url":56,"sources":57,"tags":58},"https://bugzilla.suse.com/1048183",[43],[50],{"url":60,"sources":61,"tags":62},"https://bugzilla.suse.com/1074594",[43],[50],{"url":64,"sources":65,"tags":66},"https://bugzilla.suse.com/1075014",[43],[50],{"url":68,"sources":69,"tags":70},"https://bugzilla.suse.com/1081714",[43],[50],{"url":72
,"sources":73,"tags":74},"https://bugzilla.suse.com/1081739",[43],[50],{"url":76,"sources":77,"tags":78},"https://bugzilla.suse.com/1090205",[43],[50],{"url":80,"sources":81,"tags":82},"https://bugzilla.suse.com/1097733",[43],[50],{"url":84,"sources":85,"tags":86},"https://bugzilla.suse.com/1101670",[43],[50],{"url":88,"sources":89,"tags":90},"https://bugzilla.suse.com/1104189",[43],[50],{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1104190",[43],[50],{"url":96,"sources":97,"tags":98},"https://bugzilla.suse.com/1104287",[43],[50],{"url":100,"sources":101,"tags":102},"https://bugzilla.suse.com/1105440",[43],[50],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1105442",[43],[50],{"url":108,"sources":109,"tags":110},"https://bugzilla.suse.com/1113747",[43],[50],{"url":112,"sources":113,"tags":114},"https://bugzilla.suse.com/1128754",[43],[50],{"url":116,"sources":117,"tags":118},"https://bugzilla.suse.com/1128926",[43],[50],{"url":120,"sources":121,"tags":122},"https://bugzilla.suse.com/1130658",[43],[50],{"url":124,"sources":125,"tags":126},"https://bugzilla.suse.com/1134588",[43],[50],{"url":128,"sources":129,"tags":130},"https://bugzilla.suse.com/1149075",[43],[50],{"url":132,"sources":133,"tags":134},"https://bugzilla.suse.com/1151875",[43],[50],{"url":136,"sources":137,"tags":138},"https://bugzilla.suse.com/1156574",[43],[50],{"url":140,"sources":141,"tags":142},"https://bugzilla.suse.com/1159010",[43],[50],{"url":144,"sources":145,"tags":146},"https://bugzilla.suse.com/1169207",[43],[50],{"url":148,"sources":149,"tags":150},"https://bugzilla.suse.com/1169553",[43],[50],{"url":152,"sources":153,"tags":154},"https://bugzilla.suse.com/1169779",[43],[50],{"url":156,"sources":157,"tags":158},"https://bugzilla.suse.com/1170462",[43],[50],{"url":160,"sources":161,"tags":162},"https://bugzilla.suse.com/660126",[43],[50],{"url":164,"sources":165,"tags":166},"https://bugzilla.suse.com/671212",[43],[50],{"url":168,"sources":169,"tags":170},"ht
tps://bugzilla.suse.com/672471",[43],[50],{"url":172,"sources":173,"tags":174},"https://bugzilla.suse.com/682665",[43],[50],{"url":176,"sources":177,"tags":178},"https://bugzilla.suse.com/687891",[43],[50],{"url":180,"sources":181,"tags":182},"https://bugzilla.suse.com/695955",[43],[50],{"url":184,"sources":185,"tags":186},"https://bugzilla.suse.com/714618",[43],[50],{"url":188,"sources":189,"tags":190},"https://bugzilla.suse.com/722443",[43],[50],{"url":192,"sources":193,"tags":194},"https://bugzilla.suse.com/722445",[43],[50],{"url":196,"sources":197,"tags":198},"https://bugzilla.suse.com/757062",[43],[50],{"url":200,"sources":201,"tags":202},"https://bugzilla.suse.com/763610",[43],[50],{"url":204,"sources":205,"tags":206},"https://bugzilla.suse.com/783671",[43],[50],{"url":208,"sources":209,"tags":210},"https://bugzilla.suse.com/790545",[43],[50],{"url":212,"sources":213,"tags":214},"https://bugzilla.suse.com/796773",[43],[50],{"url":216,"sources":217,"tags":218},"https://bugzilla.suse.com/811025",[43],[50],{"url":220,"sources":221,"tags":222},"https://bugzilla.suse.com/812948",[43],[50],{"url":224,"sources":225,"tags":226},"https://bugzilla.suse.com/842699",[43],[50],{"url":228,"sources":229,"tags":230},"https://bugzilla.suse.com/846580",[43],[50],{"url":232,"sources":233,"tags":234},"https://bugzilla.suse.com/869371",[43],[50],{"url":236,"sources":237,"tags":238},"https://bugzilla.suse.com/884051",[43],[50],{"url":240,"sources":241,"tags":242},"https://bugzilla.suse.com/924118",[43],[50],{"url":244,"sources":245,"tags":246},"https://bugzilla.suse.com/952844",[43],[50],{"url":248,"sources":249,"tags":250},"https://bugzilla.suse.com/956264",[43],[50],{"url":252,"sources":253,"tags":254},"https://bugzilla.suse.com/966622",[43],[50],{"url":256,"sources":257,"tags":258},"https://bugzilla.suse.com/966841",[43],[50],{"url":260,"sources":261,"tags":262},"https://bugzilla.suse.com/967523",[43],[50],{"url":264,"sources":265,"tags":266},"https://bugzilla.suse.com/968406",
[43],[50],{"url":268,"sources":269,"tags":270},"https://bugzilla.suse.com/969538",[43],[50],{"url":272,"sources":273,"tags":274},"https://bugzilla.suse.com/969541",[43],[50],{"url":276,"sources":277,"tags":278},"https://bugzilla.suse.com/973413",[43],[50],{"url":280,"sources":281,"tags":282},"https://bugzilla.suse.com/973418",[43],[50],{"url":284,"sources":285,"tags":286},"https://bugzilla.suse.com/976826",[43],[50],{"url":288,"sources":289,"tags":290},"https://bugzilla.suse.com/980577",[43],[50],{"url":292,"sources":293,"tags":294},"https://bugzilla.suse.com/984998",[43],[50],{"url":296,"sources":297,"tags":298},"https://bugzilla.suse.com/986978",[43],[50],{"url":300,"sources":301,"tags":302},"https://bugzilla.suse.com/988889",[43],[50],{"url":304,"sources":305,"tags":306},"https://www.suse.com/security/cve/CVE-2011-4953",[43],[307],"WEB",{"url":309,"sources":310,"tags":311},"https://www.suse.com/security/cve/CVE-2012-2395",[43],[307],{"url":313,"sources":314,"tags":315},"https://www.suse.com/security/cve/CVE-2017-1000469",[43],[307],{"url":317,"sources":318,"tags":319},"https://www.suse.com/security/cve/CVE-2018-1000225",[43],[307],{"url":321,"sources":322,"tags":323},"https://www.suse.com/security/cve/CVE-2018-1000226",[43],[307],{"url":325,"sources":326,"tags":327},"https://www.suse.com/security/cve/CVE-2018-10931",[43],[307],[],[],[],[332],{"ecosystem":333,"name":334,"vendor":335,"product":336,"cpe_part":9,"purl_type":337,"purl_namespace":335,"purl_name":336,"source":9,"versions":338},"openSUSE","cobbler","opensuse","cobbler&distro=openSUSE Leap 15.2","rpm",[339],{"version":340,"is_range":341,"range_type":342,"version_start":9,"version_start_type":9,"version_end":343,"version_end_type":344,"fixed_in":9},"lt3_1_2_lp152_6_3_1",true,"ecosystem","3.1.2-lp152.6.3.1","excluding"]