{"affected":[{"ecosystem_specific":{"binaries":[{"cobbler":"2.6.6-49.14.1"}]},"package":{"ecosystem":"SUSE:HPE Helion OpenStack 8","name":"cobbler","purl":"pkg:rpm/suse/cobbler&distro=HPE%20Helion%20OpenStack%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.6-49.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cobbler":"2.6.6-49.14.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 8","name":"cobbler","purl":"pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.6-49.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"koan":"2.6.6-49.14.1"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"cobbler","purl":"pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.6-49.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cobbler":"2.6.6-49.14.1"}]},"package":{"ecosystem":"SUSE:Manager Server 3.0","name":"cobbler","purl":"pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.6-49.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cobbler fixes the following issues:\n\nSecurity issues fixed:\n\n- Forbid exposure of private methods in the API (CVE-2018-10931,\n  CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442)\n- Check access token when calling 'modify_setting' API endpoint (bsc#1104190,\n  bsc#1105440, CVE-2018-1000226)\n\nOther bugs fixed:\n\n- Do not try to hardlink to a symlink. The result will be a dangling symlink\n  in the general case. (bsc#1097733)\n- fix kernel options when generating bootiso (bsc#1101670)\n  ","id":"SUSE-SU-2018:2561-1","modified":"2018-08-30T14:10:22Z","published":"2018-08-30T14:10:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182561-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1097733"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101670"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104189"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104190"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104287"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105440"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105442"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000225"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000226"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10931"}],"related":["CVE-2018-1000225","CVE-2018-1000226","CVE-2018-10931"],"summary":"Security update for cobbler","upstream":["CVE-2018-1000225","CVE-2018-1000226","CVE-2018-10931"]}