cockpit security update

2024-06-1100:00:00

linux.oracle.com

cockpit

security update

upstream urls

documentation links

subscription-manager-cockpit

spec file

sosreport

command injection fixed

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

[311.2-1.0.1]

Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
Remove duplicate reference to server in cockpit [Orabug: 34030494]
Update documentation links [Orabug: 30271413], [Orabug: 32013095],
[Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876]
Update spec file for new release
[311.2]
Remove recommends on subscription-manager-cockpit if applicable
[311.2-1]
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
(jira#RHEL-31074)

OSVersionArchitecturePackageVersionFilename
oracle linux9srccockpit< 311.2-1.0.1.el9_4cockpit-311.2-1.0.1.el9_4.src.rpm
oracle linux9srccockpit< 311.2-1.0.1.el9_4cockpit-311.2-1.0.1.el9_4.src.rpm
oracle linux9srccockpit< 311.2-1.0.1.el9_4cockpit-311.2-1.0.1.el9_4.src.rpm
oracle linux9aarch64cockpit< 311.2-1.0.1.el9_4cockpit-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux9aarch64cockpit< 311.2-1.0.1.el9_4cockpit-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux9aarch64cockpit-bridge< 311.2-1.0.1.el9_4cockpit-bridge-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux9aarch64cockpit-bridge< 311.2-1.0.1.el9_4cockpit-bridge-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux9noarchcockpit-doc< 311.2-1.0.1.el9_4cockpit-doc-311.2-1.0.1.el9_4.noarch.rpm
oracle linux9noarchcockpit-doc< 311.2-1.0.1.el9_4cockpit-doc-311.2-1.0.1.el9_4.noarch.rpm
oracle linux9noarchcockpit-packagekit< 311.2-1.0.1.el9_4cockpit-packagekit-311.2-1.0.1.el9_4.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	9	src	cockpit	< 311.2-1.0.1.el9_4	cockpit-311.2-1.0.1.el9_4.src.rpm
oracle linux	9	src	cockpit	< 311.2-1.0.1.el9_4	cockpit-311.2-1.0.1.el9_4.src.rpm
oracle linux	9	src	cockpit	< 311.2-1.0.1.el9_4	cockpit-311.2-1.0.1.el9_4.src.rpm
oracle linux	9	aarch64	cockpit	< 311.2-1.0.1.el9_4	cockpit-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux	9	aarch64	cockpit	< 311.2-1.0.1.el9_4	cockpit-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux	9	aarch64	cockpit-bridge	< 311.2-1.0.1.el9_4	cockpit-bridge-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux	9	aarch64	cockpit-bridge	< 311.2-1.0.1.el9_4	cockpit-bridge-311.2-1.0.1.el9_4.aarch64.rpm
oracle linux	9	noarch	cockpit-doc	< 311.2-1.0.1.el9_4	cockpit-doc-311.2-1.0.1.el9_4.noarch.rpm
oracle linux	9	noarch	cockpit-doc	< 311.2-1.0.1.el9_4	cockpit-doc-311.2-1.0.1.el9_4.noarch.rpm
oracle linux	9	noarch	cockpit-packagekit	< 311.2-1.0.1.el9_4	cockpit-packagekit-311.2-1.0.1.el9_4.noarch.rpm