← Back to branch summary

~andreserl/+junk/cobbler

~andreserl/+junk/cobbler

« back to all changes in this revision

Viewing changes to cobbler/utils.py

Committer: Andres Rodriguez
Date: 2011-12-09 17:39:33 UTC
mfrom: (50.1.5 trunk)
Revision ID: andreserl@ubuntu.com-20111209173933-6mel1k0noqjd1vad

Tags: 2.1.0+git20110602-0ubuntu26.2

https://launchpad.net/bugs/858860

https://launchpad.net/bugs/858875

https://launchpad.net/bugs/858878

https://launchpad.net/bugs/858883

https://launchpad.net/bugs/863755

* SECURITY UPDATE: arbitrary code execution via PYTHON_EGG_CACHE in insecure
  location (LP: #858875)
  - debian/patches/58_fix_egg_cache.patch: move PYTHON_EGG_CACHE to
    /var/lib/cobbler/webui_cache (copied from fix to precise).
* SECURITY UPDATE: CSRF vulnerability in cobbler-web (LP: #858878)
  - debian/patches/59_add_csrf_protection.patch: use Django's built-in
    CSRF protection (taken from upstream).
* SECURITY UPDATE: arbitrary code execution via web interface (LP: #858883)
  - debian/patches/60_yaml_safe_load.patch: use yaml.safe_load instead of
    yaml.load (taken from upstream).
* SECURITY UPDATE: users.digest file is world readable (LP: #858860)
  - debian/cobbler.postinst: create /etc/cobbler/users.digest as 600
* SECURITY UPDATE: webui_sessions uses insecure permissions (LP: #863755)
  - debian/cobbler.postinst: fix permissions on webui_{sessions,cache} to
    0700

files added:
.pc/58_fix_egg_cache.patch

.pc/58_fix_egg_cache.patch/.timestamp

.pc/58_fix_egg_cache.patch/web

.pc/58_fix_egg_cache.patch/web/cobbler.wsgi

.pc/59_add_csrf_protection.patch

.pc/59_add_csrf_protection.patch/.timestamp

.pc/59_add_csrf_protection.patch/web

.pc/59_add_csrf_protection.patch/web/cobbler_web

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/filter.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/generic_edit.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/generic_list.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/import.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/ksfile_edit.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/login.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/master.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/paginate.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/templates/snippet_edit.tmpl

.pc/59_add_csrf_protection.patch/web/cobbler_web/views.py

.pc/59_add_csrf_protection.patch/web/settings.py

.pc/60_yaml_safe_load.patch

.pc/60_yaml_safe_load.patch/.timestamp

.pc/60_yaml_safe_load.patch/cobbler

.pc/60_yaml_safe_load.patch/cobbler/api.py

.pc/60_yaml_safe_load.patch/cobbler/item.py

.pc/60_yaml_safe_load.patch/cobbler/modules

.pc/60_yaml_safe_load.patch/cobbler/modules/serializer_catalog.py

.pc/60_yaml_safe_load.patch/cobbler/modules/serializer_couch.py

.pc/60_yaml_safe_load.patch/cobbler/remote.py

.pc/60_yaml_safe_load.patch/cobbler/services.py

.pc/60_yaml_safe_load.patch/cobbler/utils.py

.pc/60_yaml_safe_load.patch/scripts

.pc/60_yaml_safe_load.patch/scripts/cobbler-ext-nodes

.pc/60_yaml_safe_load.patch/scripts/index.py

.pc/60_yaml_safe_load.patch/scripts/services.py

debian/patches/58_fix_egg_cache.patch

debian/patches/59_add_csrf_protection.patch

debian/patches/60_yaml_safe_load.patch

files modified:
.pc/applied-patches

cobbler/api.py

cobbler/item.py

cobbler/modules/serializer_catalog.py

cobbler/modules/serializer_couch.py

cobbler/remote.py

cobbler/services.py

cobbler/utils.py

debian/changelog

debian/cobbler-web.dirs

debian/cobbler-web.postinst

debian/cobbler.postinst

debian/patches/series

scripts/cobbler-ext-nodes

scripts/index.py

scripts/services.py

web/cobbler.wsgi

web/cobbler_web/templates/filter.tmpl

web/cobbler_web/templates/generic_edit.tmpl

web/cobbler_web/templates/generic_list.tmpl

web/cobbler_web/templates/import.tmpl

web/cobbler_web/templates/ksfile_edit.tmpl

web/cobbler_web/templates/login.tmpl

web/cobbler_web/templates/master.tmpl

web/cobbler_web/templates/paginate.tmpl

web/cobbler_web/templates/snippet_edit.tmpl

web/cobbler_web/views.py

web/settings.py

Show diffs side-by-side

added added

removed removed

cobbler/utils.py

1952

1952

# Load server and http port

1953

1953

try:

1954

1954

fh = open("/etc/cobbler/settings")

1955

data = yaml.load(fh.read())

1955

data = yaml.safe_load(fh.read())

1956

1956

fh.close()

1957

1957

except:

1958

1958

traceback.print_exc()

1973

1973

# Load xmlrpc port

1974

1974

try:

1975

1975

fh = open("/etc/cobbler/settings")

1976

data = yaml.load(fh.read())

1976

data = yaml.safe_load(fh.read())

1977

1977

fh.close()

1978

1978

except:

1979

1979

traceback.print_exc()

Older »