cockpit-310.4-1.el8_10.ML.1

エラータID: AXSA:2024-8473:14

Release date: 
Thursday, June 27, 2024 - 14:23
Subject: 
cockpit-310.4-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

Security Fix(es):

* cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-2947
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

Solution: 

Update packages.

CVEs: 
CVE-2024-2947
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Additional Info: 

N/A

Download: 

SRPMS
  1. cockpit-310.4-1.el8_10.ML.1.src.rpm
    MD5: 624a8d7ff7cf0693d4ab829262cbf56b
    SHA-256: 454c946ee8841854fad0596f3e9670108b60d83b6fc267cb27e606d7e08a3b81
    Size: 13.91 MB

Asianux Server 8 for x86_64
  1. cockpit-310.4-1.el8_10.ML.1.x86_64.rpm
    MD5: 81725a92edf2e0e5ce3082cd4faf3e35
    SHA-256: 72a96db5061121bba0ad5b332e1bd7cd162029fd59f2fa22f26dba2db90e1954
    Size: 89.46 kB
  2. cockpit-bridge-310.4-1.el8_10.ML.1.x86_64.rpm
    MD5: e9297c0fcf52ecf8d7ed6f1d009540a3
    SHA-256: a3aac17bc78125e6024365bd117fb390fd08f4c476a68cd486d325c510dd7cdc
    Size: 500.09 kB
  3. cockpit-doc-310.4-1.el8_10.ML.1.noarch.rpm
    MD5: c2738109e0b604da223685c5ab9edefc
    SHA-256: c91123c4fd26f06ac1fcfacf591165b5f7f786ccc7da4420a2d179e05d3543e6
    Size: 191.26 kB
  4. cockpit-system-310.4-1.el8_10.ML.1.noarch.rpm
    MD5: 8bc08227b6b2e06b205a0a3c1185f0da
    SHA-256: 8abff7a3678314c411f8e2ad79dc6d80762eb899a25aed19e9194c04b4647887
    Size: 5.18 MB
  5. cockpit-ws-310.4-1.el8_10.ML.1.x86_64.rpm
    MD5: a2793d3d77b95a22b17ad22d480fe744
    SHA-256: 2a6aa59540b96e7d5499978c0eb0ede6d1ccf9269668cd13268509eca75a4e2c
    Size: 0.96 MB