ELSA-2024-9325

ELSA-2024-9325 - cockpit security update

Type:	SECURITY
Impact:	LOW
Release Date:	2024-11-14

Description

[323.1-1.0.1]
- Replaced upstream urls in documentation with oracle links [Orabug: 36528753]
- Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]
- Remove duplicate reference to server in cockpit [Orabug: 34030494]
- Update documentation links [Orabug: 30271413], [Orabug: 32013095],
[Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876], [Orabug: 37253273]
- Update spec file for new release

[323.1]
- Remove recommends on subscription-manager-cockpit if applicable

[323-1]
- metrics: Install valkey instead of redis on RHEL/CentOS 10
- login: Prevent multiple logins in a single browser session
- Update documentation links

[322-1]
- shell: Deprecate host switcher

[321-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

[321-1]
- Bug fixes and performance improvements

[320-1]
- pam-ssh-add: Fix insecure killing of session ssh-agent [CVE-2024-6126]
- sosreport: Read report directory from sos config (fix page on Debian/Ubuntu)

[319-1]
- List btrfs snapshots in subvolume detail view

[318-2]
- Rebuilt for Python 3.13

[318-1]
- Storage: Extra confirmation before deleting non-empty partitions in Anaconda's Web UI
- Discontinue Intel 32-bit support in Fedora, CentOS, and RHEL
- cockpit.js: Get user primary group ID

[317-2]
- Rebuilt for Python 3.13

[317-1]
- webserver: System user changes
- metrics: Prefer valkey over redis on Fedora

[316-1]
- cockpit.js API: Fix format_bytes() units

[315-1]
- systemd: Check proper ssh service unit on Debian/Ubuntu
- Translation updates

[314-1]
- Diagnostic reports: Fix command injection vulnerability with crafted report names
- Storage: Improvements to read-only encrypted filesystems

[313-1]
- assorted bug fixes and improvements

[312-1]
- Accounts: support lastlog2 and make the page faster
- Storage: Various Anaconda mode fixes
- Fix package build if cockpit-bridge package is installed

[311.1-1]
- Update documentation links to RHEL 9 (RHEL-3954)
- Storage: Various bug fixes

[311-1]
- Bug fixes and stability improvements

[310.2-1]
- selinux: Cover migration to /run
- ws: Handle HEAD requests correctly, for curl 8.6.0

[310.1-1]
- bridge: Fix race condition/crash in file watching channels

[310-1]
- Storage: support for btrfs
- Storage: improved support for swap

[309-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[309-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[309-1]
- Storage: Introduce btrfs support

[308-1]
- Fix connecting to remote hosts with OpenSSH 0.9.6

[307-1]
- Storage redesign

[306-1]
- Kdump: Add Ansible/shell automation

[305-1]
- Performance and stability improvements

[304-1]
Storage: Support for RAID layouts with LVM2

[303-2]
- Rebuild for untagged selinux-policy (cockpit-ws dep)

[303-1]
- Apps: Warn if appstream data package is missing
- Shell: Redesign untrusted 'add host' dialog

[302-1]
- Storage: Partitions can be resized
- many bug fixes

[301-1]
- WireGuard support
- Metrics: link to network interface details

[300-1]
- Celebrating the Nurnberg life release!
- Storage: Support for growing block devices of a Stratis pool

[299-1]
- Kdump: Show location of kdump to verify the successful configuration test
- Storage: Support for no-overprovisioning with Stratis
- Storage: Cockpit can now add caches to encrypted Stratis pools

[297-1]
- users: allow administrators to change the user shell
- tools: Enable Python bridge on Fedora 38

[296-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

[296-1]
- Performance and stability improvements

[295-2]
- Rebuilt for Python 3.12

[295-1]
- Cockpit Client can now connect to servers without Cockpit installed

[294.1-2]
- Rebuilt for Python 3.12

[294.1-1]
- Multiple major fixes for the 'remote python bridge' use case

[294-2]
- Rebuilt for Python 3.12

[294-1]
- Introduce Python bridge on Fedora Rawhide and Debian unstable

[293-1]
- Tests and code quality improvements

[292-1]
- Metrics: Add disk IO per service
- Several right-to-left language fixes

[291-1]
- Update to PatternFly 5 Alpha

[290-1]
- Login page: Add autocomplete tags
- webserver: Disallow direct URL logins with LoginTo=false

[289-1]
- Metrics: Indicate high usage and use colorblind-friendly colors
- Accounts: Improve password validation

[288.1-1]
- Fix broken 'SELinux' menu entry

[288-1]
- Accounts: Show shell and home directory on detail page
- Accounts: Custom user ID during account creation
- Overview: Support additional timeservers with chronyd
- Metrics: Show longer time span by default
- Storage: Mounting filesystems at boot time
- Services: Units need to be re-pinned
- API removal: Remove cockpit.dbus.publish() and .meta()
- Development: Cockpit now supports the esbuild bundler

[287-1]
- Metrics: Column visiblity
- Services: Pinned units need to be re-done

[286-1]
- Metrics page: control visibility of the resource usage graphs

[285-1]
- Cryptographic subpolicies support
- users: Group creation and filtering support

[284-1]
- Services: Show logs for user units
- Storage: Set up a system to use NBDE

[283-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[283-1]
- Services: Create timer to run every minute

[282-1]
- Add right-to-left language support
- Accounts: Redesign and include groups

[281-1]
- Dark theme switcher

[280.1-1]
- Exclude kpatch test on RHEL gating

[280-1]
- tools: Disallow root login by default

Related CVEs

CVE-2024-6126

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	cockpit-323.1-1.0.1.el9_5.src.rpm	2f1f3234e96d4d19fb442975931060c829c6a944e3bc8a63cb5b81a585f36e87	-	ol9_aarch64_appstream
	cockpit-323.1-1.0.1.el9_5.src.rpm	2f1f3234e96d4d19fb442975931060c829c6a944e3bc8a63cb5b81a585f36e87	-	ol9_aarch64_baseos_latest
	cockpit-323.1-1.0.1.el9_5.src.rpm	2f1f3234e96d4d19fb442975931060c829c6a944e3bc8a63cb5b81a585f36e87	-	ol9_aarch64_u5_baseos_base
	cockpit-323.1-1.0.1.el9_5.aarch64.rpm	19284b8fb55391baadd10d46565d04216fd9e3334a9f3839189006394a340eda	-	ol9_aarch64_baseos_latest
	cockpit-323.1-1.0.1.el9_5.aarch64.rpm	19284b8fb55391baadd10d46565d04216fd9e3334a9f3839189006394a340eda	-	ol9_aarch64_u5_baseos_base
	cockpit-bridge-323.1-1.0.1.el9_5.aarch64.rpm	0735cb84f2858432dc4574f2b42a1c460fc523030cbedcebc69ee29f6c1263d0	-	ol9_aarch64_baseos_latest
	cockpit-bridge-323.1-1.0.1.el9_5.aarch64.rpm	0735cb84f2858432dc4574f2b42a1c460fc523030cbedcebc69ee29f6c1263d0	-	ol9_aarch64_u5_baseos_base
	cockpit-doc-323.1-1.0.1.el9_5.noarch.rpm	4a12bd66a79005580223415826978acc600967ca635849ecbf37078c52686d23	-	ol9_aarch64_baseos_latest
	cockpit-doc-323.1-1.0.1.el9_5.noarch.rpm	4a12bd66a79005580223415826978acc600967ca635849ecbf37078c52686d23	-	ol9_aarch64_u5_baseos_base
	cockpit-packagekit-323.1-1.0.1.el9_5.noarch.rpm	f5d34df7c181425220b6c06e4ec49fec4ca4388200d5218f83a53ed93bc64a44	-	ol9_aarch64_appstream
	cockpit-pcp-323.1-1.0.1.el9_5.aarch64.rpm	31d64851b24aea9b3094e18515d576a02a671b4a0112031122273f3ad3ee5180	-	ol9_aarch64_appstream
	cockpit-storaged-323.1-1.0.1.el9_5.noarch.rpm	a35554bcf4a6fc9c1125109c471dfdbf8bb05af117df14299dfc9e31a98390e4	-	ol9_aarch64_appstream
	cockpit-system-323.1-1.0.1.el9_5.noarch.rpm	c2f5c215fe53ae647e8253ae3d1afcc31684b8c48482d7f4780aeae94aa82361	-	ol9_aarch64_baseos_latest
	cockpit-system-323.1-1.0.1.el9_5.noarch.rpm	c2f5c215fe53ae647e8253ae3d1afcc31684b8c48482d7f4780aeae94aa82361	-	ol9_aarch64_u5_baseos_base
	cockpit-ws-323.1-1.0.1.el9_5.aarch64.rpm	9b164f5b0f4e41ba5ab59266565556ebdab97fba5c4b94ea3c858938fd1d6d1a	-	ol9_aarch64_baseos_latest
	cockpit-ws-323.1-1.0.1.el9_5.aarch64.rpm	9b164f5b0f4e41ba5ab59266565556ebdab97fba5c4b94ea3c858938fd1d6d1a	-	ol9_aarch64_u5_baseos_base
Oracle Linux 9 (x86_64)	cockpit-323.1-1.0.1.el9_5.src.rpm	2f1f3234e96d4d19fb442975931060c829c6a944e3bc8a63cb5b81a585f36e87	-	ol9_x86_64_appstream
	cockpit-323.1-1.0.1.el9_5.src.rpm	2f1f3234e96d4d19fb442975931060c829c6a944e3bc8a63cb5b81a585f36e87	-	ol9_x86_64_baseos_latest
	cockpit-323.1-1.0.1.el9_5.src.rpm	2f1f3234e96d4d19fb442975931060c829c6a944e3bc8a63cb5b81a585f36e87	-	ol9_x86_64_u5_baseos_base
	cockpit-323.1-1.0.1.el9_5.x86_64.rpm	f96ab5093e78760e1839740b165e0e9b9733e32a15549d9d4815eff86a0e6423	-	ol9_x86_64_baseos_latest
	cockpit-323.1-1.0.1.el9_5.x86_64.rpm	f96ab5093e78760e1839740b165e0e9b9733e32a15549d9d4815eff86a0e6423	-	ol9_x86_64_u5_baseos_base
	cockpit-bridge-323.1-1.0.1.el9_5.x86_64.rpm	1ee558647d02ad9f7573032d5821500d2e3d1658fbe3b34d4fe46017a2d9723a	-	ol9_x86_64_baseos_latest
	cockpit-bridge-323.1-1.0.1.el9_5.x86_64.rpm	1ee558647d02ad9f7573032d5821500d2e3d1658fbe3b34d4fe46017a2d9723a	-	ol9_x86_64_u5_baseos_base
	cockpit-doc-323.1-1.0.1.el9_5.noarch.rpm	4a12bd66a79005580223415826978acc600967ca635849ecbf37078c52686d23	-	ol9_x86_64_baseos_latest
	cockpit-doc-323.1-1.0.1.el9_5.noarch.rpm	4a12bd66a79005580223415826978acc600967ca635849ecbf37078c52686d23	-	ol9_x86_64_u5_baseos_base
	cockpit-packagekit-323.1-1.0.1.el9_5.noarch.rpm	f5d34df7c181425220b6c06e4ec49fec4ca4388200d5218f83a53ed93bc64a44	-	ol9_x86_64_appstream
	cockpit-pcp-323.1-1.0.1.el9_5.x86_64.rpm	dfe170088aa72ab13ce52a414a72566bdde9bd28af7ff16b096e95a6436c0b61	-	ol9_x86_64_appstream
	cockpit-storaged-323.1-1.0.1.el9_5.noarch.rpm	a35554bcf4a6fc9c1125109c471dfdbf8bb05af117df14299dfc9e31a98390e4	-	ol9_x86_64_appstream
	cockpit-system-323.1-1.0.1.el9_5.noarch.rpm	c2f5c215fe53ae647e8253ae3d1afcc31684b8c48482d7f4780aeae94aa82361	-	ol9_x86_64_baseos_latest
	cockpit-system-323.1-1.0.1.el9_5.noarch.rpm	c2f5c215fe53ae647e8253ae3d1afcc31684b8c48482d7f4780aeae94aa82361	-	ol9_x86_64_u5_baseos_base
	cockpit-ws-323.1-1.0.1.el9_5.x86_64.rpm	e5b68969fb9a63cfd971222d5a1a8d227eb8536a4e304672ce0b8e0703ab7acb	-	ol9_x86_64_baseos_latest
	cockpit-ws-323.1-1.0.1.el9_5.x86_64.rpm	e5b68969fb9a63cfd971222d5a1a8d227eb8536a4e304672ce0b8e0703ab7acb	-	ol9_x86_64_u5_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team