Foreman 1.2.3 security fix release

Showing 1-1 of 1 messages
Foreman 1.2.3 security fix release Dominic Cleal 10/7/13 5:14 AM
Foreman 1.2.3 has been released to fix a security issue.  We recommend
users update as soon as possible.  The security issue resolved was:

1. SQL injection in host and host group overrides/matcher associations
   CVE identifier: CVE-2013-4386
   Issue tracker: http://projects.theforeman.org/issues/3160

Authenticated access to Foreman is required to exploit it.

Two packaging bugs were fixed, see the release notes for full details:
http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.3
http://projects.theforeman.org/versions/33

This release only contains an update to Foreman itself, not the smart
proxy or other projects.

==== Packages ====
From 1.2.x, simply upgrade packages from our repositories to version
1.2.3.

Package repos are available here:
http://yum.theforeman.org/releases/1.2/
http://deb.theforeman.org/

Tarballs available here:
http://projects.theforeman.org/projects/foreman/files

==== Reporting issues ====
If you have any issues, please follow the usual support process and file
bugs in redmine.

Support information: http://theforeman.org/support.html
Foreman: http://projects.theforeman.org/projects/foreman/issues/new

--
Dominic Cleal
Red Hat Engineering