3:30 p.m.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FpqsSaL3lF437MtlIiPbDqRWxKQI3k4c5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Maybe it's worth updating foreman
-------- Original Message --------
Subject: [foreman-announce] Foreman 1.5.1 security, bug fix and enhanceme=
nt update
Date: Wed, 18 Jun 2014 13:25:10 +0100
From: Dominic Cleal <dcleal+g(a)redhat.com>
Reply-To: foreman-users <foreman-users(a)googlegroups.com>
To: foreman-announce <foreman-announce(a)googlegroups.com>, foreman-=
users
<foreman-users(a)googlegroups.com>
Foreman 1.5.1 has been released, with many bug fixes for issues found in
1.5, three security fixes and a few minor features.
The security issues fixed are:
1. TFTP boot file fetch API permits remote code execution
CVE identifier: CVE-2014-0007
Redmine issue: http://projects.theforeman.org/issues/6086
Affects all known Foreman versions
2. Stored cross site scripting (XSS) in notification dialogs
CVE identifier: CVE-2014-3491
Redmine issue: http://projects.theforeman.org/issues/5881
Affects all known Foreman versions
3. Stored cross site scripting (XSS) in YAML preview
CVE identifier: CVE-2014-3492
Redmine issue: http://projects.theforeman.org/issues/6149
Affects all known Foreman versions
Additional details are available on our security advisories page:
http://theforeman.org/security.html
Other notable changes are:
- VMware compute profile issues fixed (#5652)
- Puppet 3.6 smart proxy compatibility fixed (#5856)
- DHCP lease conflict issues with Discovery (#5637)
- New compute profiles API, fixed API host creation (#4250)
- Audit field length issue with smart class parameters (#5671)
The release also includes a new version of the Hammer CLI, version 0.1.1
with a number of features and fixes.
See the release notes and Redmine for full change lists:
http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.1
http://projects.theforeman.org/rb/release/16
=3D=3D=3D=3D Upgrading =3D=3D=3D=3D
Fully supported with package upgrades from both 1.4 and 1.5.0.
Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5"
directories or components.
Please read the instructions here:
http://theforeman.org/manuals/1.5/index.html#3.6Upgrade
--=20
Dominic Cleal
Red Hat Engineering
--=20
You received this message because you are subscribed to the Google Groups=
"foreman-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an=
email
to foreman-announce+unsubscribe(a)googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--FpqsSaL3lF437MtlIiPbDqRWxKQI3k4c5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJToZSMAAoJEEBxx+HSYmnDg1gH/1jGv6xoOHu4r7VNUc7EJRJc
66Yeqi67noqk6m7t6bNv8Pc5M0dPx4TkXQiYOeL9po6EhcOwPFzN0Hua4euubKf9
nRi0dudc1YN1kCO7URrXdoCoMw2eCbxshDqt4gpSSfsurnUBc9Zxe0/PgS5p1rQj
7hTtVO3PkCjR5zRzCiy2diGBe2br0nsEbk83DBEM5UkCvIbSb+V7nBtut7DDTi1x
fW2nzs8eCaDKjUAGoaEew+Tf0RoFCvha7be5IG8gD8EKwFLGfyYZT1MPDf85Xg47
ecoO888tAvQg+//duJf3Y31HSmiX6Strn+ZfcfLHdZ5UKUEfXa6V+6iF6QN/fN0=
=ErXK
-----END PGP SIGNATURE-----
--FpqsSaL3lF437MtlIiPbDqRWxKQI3k4c5--
10:38 a.m.
On Wed, Jun 18, 2014 at 03:30:52PM +0200, David Caro wrote:
Maybe it's worth updating foreman
Given we already run 1.5.0 and I'm doing so now. Foreman may be
unavailable for a few minutes.
-------- Original Message --------
Subject: [foreman-announce] Foreman 1.5.1 security, bug fix and enhancement update
Date: Wed, 18 Jun 2014 13:25:10 +0100
From: Dominic Cleal <dcleal+g(a)redhat.com>
Reply-To: foreman-users <foreman-users(a)googlegroups.com>
To: foreman-announce <foreman-announce(a)googlegroups.com>, foreman-users
<foreman-users(a)googlegroups.com>
Foreman 1.5.1 has been released, with many bug fixes for issues found in
1.5, three security fixes and a few minor features.
The security issues fixed are:
1. TFTP boot file fetch API permits remote code execution
CVE identifier: CVE-2014-0007
Redmine issue: http://projects.theforeman.org/issues/6086
Affects all known Foreman versions
2. Stored cross site scripting (XSS) in notification dialogs
CVE identifier: CVE-2014-3491
Redmine issue: http://projects.theforeman.org/issues/5881
Affects all known Foreman versions
3. Stored cross site scripting (XSS) in YAML preview
CVE identifier: CVE-2014-3492
Redmine issue: http://projects.theforeman.org/issues/6149
Affects all known Foreman versions
Additional details are available on our security advisories page:
http://theforeman.org/security.html
Other notable changes are:
- VMware compute profile issues fixed (#5652)
- Puppet 3.6 smart proxy compatibility fixed (#5856)
- DHCP lease conflict issues with Discovery (#5637)
- New compute profiles API, fixed API host creation (#4250)
- Audit field length issue with smart class parameters (#5671)
The release also includes a new version of the Hammer CLI, version 0.1.1
with a number of features and fixes.
See the release notes and Redmine for full change lists:
http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.1
http://projects.theforeman.org/rb/release/16
==== Upgrading ====
Fully supported with package upgrades from both 1.4 and 1.5.0.
Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5"
directories or components.
Please read the instructions here:
http://theforeman.org/manuals/1.5/index.html#3.6Upgrade
--
Dominic Cleal
Red Hat Engineering
--
You received this message because you are subscribed to the Google Groups
"foreman-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to foreman-announce+unsubscribe(a)googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
12:15 p.m.
On Thu, Jun 19, 2014 at 10:38:12AM +0200, Ewoud Kohl van Wijngaarden wrote:
On Wed, Jun 18, 2014 at 03:30:52PM +0200, David Caro wrote:
> Maybe it's worth updating foreman
Given we already run 1.5.0 and I'm doing so now. Foreman may be
unavailable for a few minutes.
I should have sent an email right after the update, but the upgrade went
smooth. If you notice any issues, please report them.
>
> -------- Original Message --------
> Subject: [foreman-announce] Foreman 1.5.1 security, bug fix and enhancement update
> Date: Wed, 18 Jun 2014 13:25:10 +0100
> From: Dominic Cleal <dcleal+g(a)redhat.com>
> Reply-To: foreman-users <foreman-users(a)googlegroups.com>
> To: foreman-announce <foreman-announce(a)googlegroups.com>,
foreman-users
> <foreman-users(a)googlegroups.com>
>
> Foreman 1.5.1 has been released, with many bug fixes for issues found in
> 1.5, three security fixes and a few minor features.
>
> The security issues fixed are:
>
> 1. TFTP boot file fetch API permits remote code execution
> CVE identifier: CVE-2014-0007
> Redmine issue: http://projects.theforeman.org/issues/6086
> Affects all known Foreman versions
>
> 2. Stored cross site scripting (XSS) in notification dialogs
> CVE identifier: CVE-2014-3491
> Redmine issue: http://projects.theforeman.org/issues/5881
> Affects all known Foreman versions
>
> 3. Stored cross site scripting (XSS) in YAML preview
> CVE identifier: CVE-2014-3492
> Redmine issue: http://projects.theforeman.org/issues/6149
> Affects all known Foreman versions
>
> Additional details are available on our security advisories page:
> http://theforeman.org/security.html
>
> Other notable changes are:
>
> - VMware compute profile issues fixed (#5652)
> - Puppet 3.6 smart proxy compatibility fixed (#5856)
> - DHCP lease conflict issues with Discovery (#5637)
> - New compute profiles API, fixed API host creation (#4250)
> - Audit field length issue with smart class parameters (#5671)
>
> The release also includes a new version of the Hammer CLI, version 0.1.1
> with a number of features and fixes.
>
> See the release notes and Redmine for full change lists:
> http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.1
> http://projects.theforeman.org/rb/release/16
>
> ==== Upgrading ====
> Fully supported with package upgrades from both 1.4 and 1.5.0.
>
> Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5"
> directories or components.
>
> Please read the instructions here:
> http://theforeman.org/manuals/1.5/index.html#3.6Upgrade
>
> --
> Dominic Cleal
> Red Hat Engineering
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-announce" group.
> To unsubscribe from this group and stop receiving emails from it, send an email
> to foreman-announce+unsubscribe(a)googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> _______________________________________________
> Infra mailing list
> Infra(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/infra
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
3863
days inactive
3864
days old
2 comments
2 participants
participants (2)
-
David Caro -
Ewoud Kohl van Wijngaarden