[Bug 858883] Re: "Management Parameters" (for example a system) which can be set in the web interface can result in arbitrary code execution on the host due to the use of yaml.loads instead of yaml.safe_loads in item.py on line 248:
Dave Walker
davewalker at ubuntu.com
Sun Oct 16 23:40:43 UTC 2011
** Also affects: cobbler (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: cobbler (Ubuntu Precise)
Importance: High
Status: New
** Changed in: cobbler (Ubuntu Oneiric)
Importance: Undecided => High
** Changed in: cobbler (Ubuntu Oneiric)
Milestone: None => oneiric-updates
** Changed in: cobbler (Ubuntu Precise)
Milestone: None => precise-alpha-1
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/858883
Title:
"Management Parameters" (for example a system) which can be set in the
web interface can result in arbitrary code execution on the host due
to the use of yaml.loads instead of yaml.safe_loads in item.py on line
248:
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883/+subscriptions
More information about the Ubuntu-server-bugs
mailing list