Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

cobbler: privilege escalation

Package(s):

cobbler

CVE #(s):

CVE-2011-4953

Created:

April 23, 2012

Updated:

April 25, 2012

Description:

From the SUSE advisory:

privilege escalation via unsafe call to yaml.load instead of yaml.safe_load

Alerts:

SUSE	SUSE-SU-2012:0552-1	2012-04-23
openSUSE	openSUSE-SU-2012:0557-1	2012-04-24
openSUSE	openSUSE-SU-2012:0639-1	2012-05-25

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds