|Foreman 1.2.3 security fix release||Dominic Cleal||10/7/13 5:14 AM|
Foreman 1.2.3 has been released to fix a security issue. We recommend
users update as soon as possible. The security issue resolved was:
1. SQL injection in host and host group overrides/matcher associations
CVE identifier: CVE-2013-4386
Issue tracker: http://projects.theforeman.org/issues/3160
Authenticated access to Foreman is required to exploit it.
Two packaging bugs were fixed, see the release notes for full details:
This release only contains an update to Foreman itself, not the smart
proxy or other projects.
==== Packages ====
From 1.2.x, simply upgrade packages from our repositories to version
Package repos are available here:
Tarballs available here:
==== Reporting issues ====
If you have any issues, please follow the usual support process and file
bugs in redmine.
Support information: http://theforeman.org/support.html
Red Hat Engineering