Fwd: [foreman-announce] Foreman 1.5.1 security, bug fix and enhancement update

Ewoud Kohl van Wijngaarden ewoud+ovirt at kohlvanwijngaarden.nl
Thu Jun 19 10:15:34 UTC 2014


On Thu, Jun 19, 2014 at 10:38:12AM +0200, Ewoud Kohl van Wijngaarden wrote:
> On Wed, Jun 18, 2014 at 03:30:52PM +0200, David Caro wrote:
> > Maybe it's worth updating foreman
> 
> Given we already run 1.5.0 and I'm doing so now. Foreman may be
> unavailable for a few minutes.

I should have sent an email right after the update, but the upgrade went
smoothly. If you notice any issues, please report them.

> 
> > 
> > -------- Original Message --------
> > Subject: [foreman-announce] Foreman 1.5.1 security, bug fix and enhancement update
> > Date: Wed, 18 Jun 2014 13:25:10 +0100
> > From: Dominic Cleal <dcleal+g at redhat.com>
> > Reply-To: foreman-users <foreman-users at googlegroups.com>
> > To: foreman-announce <foreman-announce at googlegroups.com>, foreman-users <foreman-users at googlegroups.com>
> > 
> > Foreman 1.5.1 has been released, with many bug fixes for issues found in
> > 1.5, three security fixes and a few minor features.
> > 
> > The security issues fixed are:
> > 
> > 1. TFTP boot file fetch API permits remote code execution
> >    CVE identifier: CVE-2014-0007
> >    Redmine issue: http://projects.theforeman.org/issues/6086
> >    Affects all known Foreman versions
> > 
> > 2. Stored cross site scripting (XSS) in notification dialogs
> >    CVE identifier: CVE-2014-3491
> >    Redmine issue: http://projects.theforeman.org/issues/5881
> >    Affects all known Foreman versions
> > 
> > 3. Stored cross site scripting (XSS) in YAML preview
> >    CVE identifier: CVE-2014-3492
> >    Redmine issue: http://projects.theforeman.org/issues/6149
> >    Affects all known Foreman versions
> > 
> > Additional details are available on our security advisories page:
> > http://theforeman.org/security.html
> > 
> > Other notable changes are:
> > 
> > - VMware compute profile issues fixed (#5652)
> > - Puppet 3.6 smart proxy compatibility fixed (#5856)
> > - DHCP lease conflict issues with Discovery (#5637)
> > - New compute profiles API, fixed API host creation (#4250)
> > - Audit field length issue with smart class parameters (#5671)
> > 
> > The release also includes a new version of the Hammer CLI, version 0.1.1
> > with a number of features and fixes.
> > 
> > See the release notes and Redmine for full change lists:
> > http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.1
> > http://projects.theforeman.org/rb/release/16
> > 
> > ==== Upgrading ====
> > Fully supported with package upgrades from both 1.4 and 1.5.0.
> > 
> > Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5"
> > directories or components.
> > 
> > Please read the instructions here:
> > http://theforeman.org/manuals/1.5/index.html#3.6Upgrade
> > 
> > -- 
> > Dominic Cleal
> > Red Hat Engineering
> > 
> > -- 
> > You received this message because you are subscribed to the Google Groups
> > "foreman-announce" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email
> > to foreman-announce+unsubscribe at googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> > 
> > 
> > 
> 
> 
> 
> > _______________________________________________
> > Infra mailing list
> > Infra at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/infra
> 


