Fwd: [foreman-announce] Foreman 1.5.1 security, bug fix and enhancement update

David Caro dcaroest at redhat.com
Wed Jun 18 13:30:52 UTC 2014


Maybe it's worth updating Foreman.


-------- Original Message --------
Subject: [foreman-announce] Foreman 1.5.1 security, bug fix and enhancement update
Date: Wed, 18 Jun 2014 13:25:10 +0100
From: Dominic Cleal <dcleal+g at redhat.com>
Reply-To: foreman-users <foreman-users at googlegroups.com>
To: foreman-announce <foreman-announce at googlegroups.com>, foreman-users <foreman-users at googlegroups.com>

Foreman 1.5.1 has been released, with many bug fixes for issues found in
1.5, three security fixes and a few minor features.

The security issues fixed are:

1. TFTP boot file fetch API permits remote code execution
   CVE identifier: CVE-2014-0007
   Redmine issue: http://projects.theforeman.org/issues/6086
   Affects all known Foreman versions

2. Stored cross site scripting (XSS) in notification dialogs
   CVE identifier: CVE-2014-3491
   Redmine issue: http://projects.theforeman.org/issues/5881
   Affects all known Foreman versions

3. Stored cross site scripting (XSS) in YAML preview
   CVE identifier: CVE-2014-3492
   Redmine issue: http://projects.theforeman.org/issues/6149
   Affects all known Foreman versions

Additional details are available on our security advisories page:
http://theforeman.org/security.html

Other notable changes are:

- VMware compute profile issues fixed (#5652)
- Puppet 3.6 smart proxy compatibility fixed (#5856)
- DHCP lease conflict issues with Discovery (#5637)
- New compute profiles API, fixed API host creation (#4250)
- Audit field length issue with smart class parameters (#5671)

The release also includes a new version of the Hammer CLI, version 0.1.1
with a number of features and fixes.

See the release notes and Redmine for full change lists:
http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.1
http://projects.theforeman.org/rb/release/16

==== Upgrading ====
Fully supported with package upgrades from both 1.4 and 1.5.0.

Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5"
directories or components.

Please read the instructions here:
http://theforeman.org/manuals/1.5/index.html#3.6Upgrade

-- 
Dominic Cleal
Red Hat Engineering
