Cobbler is a network installation and update server. It can be used to automatically set up PXE, install virtual guests, manage answer files, and reinstall existing Linux machines. Advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring (integrated with the installer to make updates available at install time), creation of netboot ISOs, and built-in DHCP/DNS Management. Tools such as "cobbler triggers", a Python API, and an XMLRPC API allow integration with cobbler with the rest of your datacenter environment or other systems management applications. There is also a Web interface to simplify management of the install server. Cobbler supports RHEL 4+, Fedora, and derivative distributions, and is also able to install other popular distributions.
License: GNU General Public License v2
Changes:
This release fixes a potential privilege escalation where a user who has been granted access to CobblerWeb can edit a kickstart template through the Web interface (which is a feature of Cobbler Web) and have cobblerd execute Python code on the cobbler server on his behalf as root. The fix in question limits the Python modules that a template can import to "time" and "random" via an explicit whitelist. A user with access to Cobbler Web can already install arbitrary software on other machines that Cobbler controls, though it may not be assumed he has root access on the Cobbler server.
More...
11-15-2008
