Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "python-cobbler": "2.4.1-0ubuntu2+esm1", "cobbler": "2.4.1-0ubuntu2+esm1", "cobbler-common": "2.4.1-0ubuntu2+esm1", "koan": "2.4.1-0ubuntu2+esm1", "cobbler-web": "2.4.1-0ubuntu2+esm1", "python-koan": "2.4.1-0ubuntu2+esm1" } ] }