Ubuntu Security Notice USN-6475-1

==========================================================================Ubuntu Security Notice USN-6475-1November 13, 2023cobbler vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Cobbler.Software Description:- cobbler: Cobbler is a versatile Linux deployment serverDetails:It was discovered that Cobbler did not properly handle user input, whichcould result in an absolute path traversal. An attacker could possiblyuse this issue to read arbitrary files. (CVE-2014-3225)It was discovered that Cobbler did not properly handle user input, whichcould result in command injection. An attacker could possibly use thisissue to execute arbitrary code with high privileges.(CVE-2017-1000469, CVE-2021-45082)It was discovered that Cobbler did not properly hide private functions ina class. A remote attacker could possibly use this issue to gain highprivileges and upload files to an arbitrary location.(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)Nicolas Chatelain discovered that Cobbler did not properly handle userinput, which could result in log poisoning. A remote attacker couldpossibly use this issue to bypass authorization, write in an arbitraryfile, or execute arbitrary code.(CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)It was discovered that Cobbler did not properly handle file permissionsduring package install or update operations. An attacker could possiblyuse this issue to perform a privilege escalation attack. (CVE-2021-45083)It was discovered that Cobbler did not properly process credentials forexpired accounts. An attacker could possibly use this issue to login tothe platform with an expired account or password. (CVE-2022-0860)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS (Available with Ubuntu Pro):   cobbler                         2.4.1-0ubuntu2+esm1   cobbler-common                  2.4.1-0ubuntu2+esm1   cobbler-web                     2.4.1-0ubuntu2+esm1   koan                            2.4.1-0ubuntu2+esm1   python-cobbler                  2.4.1-0ubuntu2+esm1   python-koan                     2.4.1-0ubuntu2+esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6475-1   CVE-2014-3225, CVE-2017-1000469, CVE-2018-1000225, CVE-2018-1000226,   CVE-2018-10931, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325,   CVE-2021-45082, CVE-2021-45083, CVE-2022-0860