Security Advisory Important: CloudForms System Engine 1.1 update

Advisory: RHSA-2012:1543-1
Type: Security Advisory
Severity: Important
Issued on: 2012-12-04
Last updated on: 2012-12-04
Affected Products: Red Hat CloudForms
CVEs (cve.mitre.org): CVE-2012-3538
CVE-2012-4574
CVE-2012-5603
CVE-2012-5605

Details

Updated CloudForms System Engine packages that fix multiple security
issues, several bugs, and add enhancements are now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat CloudForms is an on-premise hybrid cloud
Infrastructure-as-a-Service (IaaS) product that lets you create and manage
private and public clouds.

This update fixes bugs in and adds enhancements to the System Engine
packages, and upgrades the system to CloudForms 1.1.

This update also fixes the following security issues:

It was discovered that Katello did not properly check user permissions when
handling certain requests. An authenticated remote attacker could use this
flaw to download consumer certificates or change settings of other users'
systems if they knew the target system's UUID. (CVE-2012-5603)

It was discovered that Pulp logged administrative passwords to a world
readable log file. A local attacker could use this flaw to control systems
deployed and managed by CloudForms. (CVE-2012-3538)

It was discovered that the Pulp configuration file pulp.conf was installed
as world readable. A local attacker could use this flaw to view the
administrative password, allowing them to control systems deployed and
managed by CloudForms. (CVE-2012-4574)

It was discovered that grinder used insecure permissions for its cache
directory. A local attacker could use this flaw to access or modify files
in the cache. (CVE-2012-5605)
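
A local audit for the three file-permission issues above (CVE-2012-3538, CVE-2012-4574, CVE-2012-5605), added here as an example; it is not part of Red Hat's advisory or of the CloudForms code. The pulp.conf and grinder cache paths are the ones named in this advisory's bug list. The full path of Katello's production.log is not given on this page, so the caller supplies it, and `find_exposed` and `root` are names chosen for this example.

```python
import glob
import os
import stat
import sys

# Paths as written in this advisory's bug list (bugs 872487 and 828447).
PULP_CONF = "/etc/pulp/pulp.conf"
GRINDER_CACHE = "/var/lib/pulp/cache/grinder"


def _rebase(root, path):
    """Place an absolute path under root (a mounted image or a test tree)."""
    return os.path.join(root, path.lstrip("/"))


def _mode(path):
    """Permission bits of path, or None if it is missing or a symlink."""
    try:
        st = os.lstat(path)
    except OSError:
        return None
    if stat.S_ISLNK(st.st_mode):
        return None  # a symlink's own mode bits say nothing about access
    return stat.S_IMODE(st.st_mode)


def find_exposed(root="/", katello_log=None):
    """Return a sorted list of (cve, path, octal_mode) for risky permissions.

    katello_log is the caller-supplied path of Katello's production.log
    (an assumption of this example: the advisory does not give the full path).
    """
    findings = []

    def check(cve, path, forbidden):
        mode = _mode(path)
        if mode is not None and mode & forbidden:
            findings.append((cve, path, "%04o" % mode))

    # CVE-2012-4574: pulp.conf must not be readable by "other".
    check("CVE-2012-4574", _rebase(root, PULP_CONF), stat.S_IROTH)

    # CVE-2012-5605: neither the cache directory nor anything below it
    # may be writable by "other".
    cache = _rebase(root, GRINDER_CACHE)
    check("CVE-2012-5605", cache, stat.S_IWOTH)
    for dirpath, dirnames, filenames in os.walk(cache):
        for name in dirnames + filenames:
            check("CVE-2012-5605", os.path.join(dirpath, name), stat.S_IWOTH)

    # CVE-2012-3538: the log and its rotated copies (same name plus a
    # suffix) must not be readable by "other".
    if katello_log:
        log = _rebase(root, katello_log)
        for candidate in glob.glob(glob.escape(log) + "*"):
            check("CVE-2012-3538", candidate, stat.S_IROTH)

    return sorted(findings)


if __name__ == "__main__":
    # Optional argument: path of Katello's production.log on this host.
    log_arg = sys.argv[1] if len(sys.argv) > 1 else None
    results = find_exposed("/", log_arg)
    for cve, path, mode in results:
        print("%s  %s  mode %s" % (cve, path, mode))
    sys.exit(1 if results else 0)
```

Correcting a mode does not undo earlier exposure: a password that sat in a world-readable file or log should be treated as disclosed and changed.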

The CVE-2012-5603 issue was discovered by Lukas Zapletal of Red Hat;
CVE-2012-3538 was discovered by James Laska of Red Hat; CVE-2012-4574 was
discovered by Kurt Seifried of Red Hat; and CVE-2012-5605 was discovered by
James Labocki of Red Hat.

After upgrading to these new packages, follow the instructions in the "4.1.
Upgrading CloudForms System Engine" section of the CloudForms 1.1
Installation Guide:

https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/index.html

To view the full list of changes in this update, view the CloudForms
Technical Notes:

https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Technical_Notes/index.html

Users are advised to upgrade to these updated CloudForms System Engine
packages, which resolve these issues and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat CloudForms

SRPMS:
candlepin-0.7.8.1-1.el6cf.src.rpm
    File outdated by: RHSA-2013:0547
gofer-0.66.1-2.el5.src.rpm
gofer-0.66.1-2.el6cf.src.rpm
grinder-0.0.150-1.el6cf.src.rpm
katello-1.1.12-22.el6cf.src.rpm
    File outdated by: RHSA-2013:0547
katello-agent-1.1.2-1.el5.src.rpm
katello-agent-1.1.2-1.el6cf.src.rpm
katello-certs-tools-1.1.8-1.el6cf.src.rpm
katello-cli-1.1.8-12.el6cf.src.rpm
    File outdated by: RHSA-2013:0547
katello-cli-tests-1.1.5-2.el6cf.src.rpm
katello-configure-1.1.9-12.el6cf.src.rpm
    File outdated by: RHSA-2013:0547
katello-selinux-1.1.1-2.el6cf.src.rpm
    File outdated by: RHSA-2013:0547
pulp-1.1.14-1.el6cf.src.rpm
    File outdated by: RHBA-2012:1603
quartz-2.1.5-4.el6cf.src.rpm
rubygem-apipie-rails-0.0.11-3.el6cf.src.rpm
 
IA-32:
gofer-0.66.1-2.el5.noarch.rpm
gofer-0.66.1-2.el6cf.noarch.rpm
gofer-package-0.66.1-2.el5.noarch.rpm
gofer-package-0.66.1-2.el6cf.noarch.rpm
gofer-watchdog-0.66.1-2.el5.noarch.rpm
gofer-watchdog-0.66.1-2.el6cf.noarch.rpm
katello-agent-1.1.2-1.el5.noarch.rpm
katello-agent-1.1.2-1.el6cf.noarch.rpm
python-gofer-0.66.1-2.el5.noarch.rpm
python-gofer-0.66.1-2.el6cf.noarch.rpm
 
x86_64:
candlepin-0.7.8.1-1.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
candlepin-devel-0.7.8.1-1.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
candlepin-selinux-0.7.8.1-1.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
candlepin-tomcat6-0.7.8.1-1.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
gofer-0.66.1-2.el5.noarch.rpm
gofer-0.66.1-2.el6cf.noarch.rpm
gofer-package-0.66.1-2.el5.noarch.rpm
gofer-package-0.66.1-2.el6cf.noarch.rpm
gofer-watchdog-0.66.1-2.el5.noarch.rpm
gofer-watchdog-0.66.1-2.el6cf.noarch.rpm
grinder-0.0.150-1.el6cf.noarch.rpm
katello-1.1.12-22.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-agent-1.1.2-1.el5.noarch.rpm
katello-agent-1.1.2-1.el6cf.noarch.rpm
katello-all-1.1.12-22.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-api-docs-1.1.12-22.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-certs-tools-1.1.8-1.el6cf.noarch.rpm
katello-cli-1.1.8-12.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-cli-common-1.1.8-12.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-cli-tests-1.1.5-2.el6cf.noarch.rpm
katello-common-1.1.12-22.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-configure-1.1.9-12.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-glue-candlepin-1.1.12-22.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-glue-pulp-1.1.12-22.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
katello-selinux-1.1.1-2.el6cf.noarch.rpm
    File outdated by: RHSA-2013:0547
pulp-1.1.14-1.el6cf.noarch.rpm
    File outdated by: RHBA-2012:1603
pulp-admin-1.1.14-1.el6cf.noarch.rpm
    File outdated by: RHBA-2012:1603
pulp-client-lib-1.1.14-1.el6cf.noarch.rpm
    File outdated by: RHBA-2012:1603
pulp-common-1.1.14-1.el6cf.noarch.rpm
    File outdated by: RHBA-2012:1603
pulp-consumer-1.1.14-1.el6cf.noarch.rpm
    File outdated by: RHBA-2012:1603
pulp-selinux-server-1.1.14-1.el6cf.noarch.rpm
    File outdated by: RHBA-2012:1603
python-gofer-0.66.1-2.el5.noarch.rpm
python-gofer-0.66.1-2.el6cf.noarch.rpm
quartz-2.1.5-4.el6cf.noarch.rpm
rubygem-apipie-rails-0.0.11-3.el6cf.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

746765 - Systems are locked out of katello and cannot re-register
753128 - Sync status remains in "error syncing" state even after successful sync of repo.
760180 - Notifications should note the appropriate Org for org-specific actions.
766694 - UI should show virtual child pools as "children" of the parent.
769559 - Subscribe system ignores "facts -> cpu.cpu_socket(s)"
782954 - Unable to register systems with i18nized names
786176 - (Some) duplicitous notifications produced in multiple langs when using other locales
786226 - List of product repositories not sorted alphabetically
787184 - Devise a disaster recovery plan (or process)
787305 - Notices with details breaking the "Notice List" page
789139 - Unmet dependencies for some packages
789535 - Systems: Cannot add Package Groups
790138 - Systems: hand-rolled systems cannot be initially created with a multibyte name.
790342 - Error in async task is not returned
796047 - SecurityViolation error while accessing gpg key details with read only user
796972 - translatable strings broken up, causing translation to sound wrong
797299 - Display which environment a system is subscribed to in its Details tab
797321 - Gigantic footer
797412 - katello permission not working as expected
799538 - promotions -> errata -> packages filter causes page reload on click
800529 - RFE: As a sysadmin I would like to manage a user's org from the CLI
801454 - Out of place/non-contextual error messages in prod log when creating new orgs
801580 - Updating sync plan does not update associated product's (repo's) sync schedule
802925 - Tool tip in activation key Details screen has markup visible
803548 - Async success notifications pop up from syncs in other orgs
803702 - Synchronizing a repo with i18n characters in name fails for second time
803728 - rpmdiff failure for build gofer-0.66-1.el6
803761 - rpmdiff failure for build katello-selinux-0.1.8-1.el6
804127 - [RFE] no logging property for Katello
804555 - Orgs with international chars in name provide broken urls in redhat.repo
804610 - Can't promote packages from repos with international chars in name
804685 - System Details/Packages, unclear what Packages/PackageGroups radio button does
805027 - Inaccurate system count
805412 - improper message - dot "." in org name being created
805627 - While create a new user, unable to select "Save User"
805709 - Package filter name is unique to entire system
805956 - SE doesn't provide a way how to refresh imported repositories
806076 - Promotion - viewing system template doesn't show the repos in that template
806078 - Changeset History - changing name of a set does not update left panel
806083 - Users - Environments tab is missing the 'Remove User' link
806353 - Sync Plans: Manually entering a time can cause time selector to get stuck on screen
806879 - Apparent discrepancy between Dashboard > System Subscription Status and Systems > All for hypervisors
806940 - RHEL 6.2 not completing sync
806969 - sync_plan creation is setting time 1 hour behind the chosen time
807288 - Selecting changeset from 'changeset history' tab raising "undefined method `find_repos' for #"
807291 - Adding a "bonus pool" to an activation key, then removing parent pool, causes errors
807468 - Only one manifest/product can be imported per system
807804 - Hidden user can be added to a role.
808172 - There should be some implementation of "katello --version"
808437 - [RFE] Don't make notifications for CLI actions performed (and pop them up in UI)
809259 - System not registering with activation key.
810378 - RFE - Search needed on repository selection during promotion
810945 - Unable to delete pools referenced by activation keys
811556 - Displaced 'save' button while editing the changeset description under "changeset history" tab
811564 - Switch default to false for "match system" when listing available subscriptions
812417 - System Properties for registered system lists "Arch" as blank
813675 - on "-v" rework seems `user list` lost the "Disabled" field
815308 - package filter: search for package starting "^" - traceback
815802 - Description on package filter does not save properly
816935 - RFE: Provide possibility to encrypt/obfuscate plaintext passwords
817123 - deleted system template not removed from activation key
818204 - Sync silently "cancels" on some (very large?) repos
818261 - candlepin-cert-consumer rpm not installable on RHEL5 - rpmlib(PayloadIsXz) <= 5.2-1 is needed
818370 - Changeset Fails to Promote with Candlepin RPM
819593 - RFE: Redirect /subscriptions/* to /katello/api/*
819941 - missing dependencies in katello-common
820373 - [RFE] Remove one of the two logout buttons in System Engine interface
820385 - [RFE] Make pulp aware of local/remote syncs
820624 - [RFE] Have PostgreSQL only listen on 127.0.0.1 instead of 127.0.0.1 and 0.0.0.0
820626 - Hide password and email creation fields at user creation time if LDAP auth is enabled in CFSE
820630 - String Updates
821345 - Promotions changeset of system template does not solve dependency of product
821644 - Create new CLI command admin crl_regen for recovery process
821929 - Typo: You -> Your
822119 - [cli] repo create without "http://" in url - python traceback
822484 - [cli] sync_plan list traceback
823688 - mouse cursor no longer turns to 'working' icon during ajax requests
824069 - katello CLI 'product list' should show marketing and engineering product relationships
824581 - GPG Key added to product/repo not added to existing instances which are subscribed to that product/repo
826581 - Hovering mouse from one top-level nav item to the next does not update 2nd level nav
827087 - Package sisu-cglib should not be built for RHEL6.x with a dependency on ant > 1.7.1
827108 - CLI reads "activation key" instead of "gpg key" for update in help.
828447 - CVE-2012-5605 Cloudforms grinder: /var/lib/pulp/cache/grinder directory is world-writeable.
828533 - katello agent AMQP port does not match /etc/services
829208 - Manifest import fail after creating a custom product
829437 - Hitting enter with blank field for GPG name returns JSON content
829794 - Trying to access many top-level menu items as a user w/ no rights throws ISEs rather than permission denied.
830176 - New System tooltip not localized
831664 - Repository sync failures not displaying detailed error in Notices
834006 - Templates: Package Listing in "Eligible Content" (sometimes) hangs/never renders
834013 - SAM is hiding the releaseVer variable from json causing subscription-manager-gui to disable the Release dropdown.
834242 - After user creation, the user name is not appearing in left pane.
834646 - IP Address for subscribed 6Server (6.3) system not displayed
834697 - Error in sasl_client_start when installing packages to subscribed client via web ui
835586 - UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 270: invalid continuation byte
835591 - activation-key --limit not working
835875 - Runtime Error Could not execute JDBC batch update at org.postgresql.jdbc2.AbstractJdbc2Statement$BatchResultHandler.handleError:2,573
836339 - Total count of users is incorrect when looking at one's user profile page
836575 - 'ascii' codec error while assigning role to user
837000 - [RFE] when updating sync plan by CLI, it resets the interval.
839005 - remove the "force" checkbox from importing manifest
840616 - katello-configure --help optparse.rb:395:in `+': can't convert nil into String (TypeError)
840624 - Post creating new environment in headpin, webui returns row:NotFound error
840625 - Post 'import manifest' subscriptions return row:NotFound
841000 - Auto-complete field displaying json traceback if elasticsearch text is entered
841289 - inconsistency on system info: Katello-Candlepin: unresponsive "Systems" page
841300 - Zoom out on 2-Pane page causes rendering error
841310 - /api/pools does not work with admin
841686 - Selecting an organization from the Orgs selector shifts the org name to the left
841691 - Systems page always shows lo interface IP on list
841984 - Creating new user displays confusing/misleading notification
841998 - Login: Attempting to login w/o selecting org throws error
842003 - Content Search - Errata: Hitting submit on a blank search in the "Repos" div throws error
842005 - Content Search - Products: Hitting "Add" makes button bounce to next line
842010 - Content Search - Packages: Entering a string in Repos field and hitting enter returns error
842252 - [Content Search] When all packages/errata loaded, the link to 'show 25 more' should be removed/disabled from UI
842256 - [Content Search] The 'Show' drop down shows 'errata' as default selection even if user click on packages link to list
842271 - CLI: list the "bugfix" errata for system group shows empty result
842569 - UI - "Symbol as array index (TypeError)" Error when clicking on errata install result status "Install Finished" link for system groups.
842838 - Content Search: Compare - No way to remove packages/repos from compare, after adding them.
842858 - lock icon missing for promotions in review state
843059 - Content Search - Packages: Auto Complete widget should provide only refined content depending on Repos
843061 - Creating repo no longer works when Product name has multibyte text
843064 - Content Search - Products: Not required unless searching for Products itself, it's misleading when searching for Repos, Packages and Errata
843161 - Content Search: Compare - need tooltips or other methods to extend long lines in fields.
843165 - Content Search: Compare - Repo compare UI inexplicably expands to all/multiple environments upon return from Compare
843462 - system unregister should remove itself from the associated system groups too
843529 - UI - Error is displayed when clicking on system group event when system is missing.
843845 - Katello Webui dashboard does not render the pie chart (graph) in the appropriate location
844414 - Interstitial org selector leaves user with no permissions with no options
844417 - User roles selector missing Plus/Minus signs
844678 - "Multi-entitlement not supported for pool with id" with activation key and custom product
844796 - async import manifest import progress causing errors
844806 - katello incorrectly prevents products with the same name in an organization
845060 - UI - Errata search by empty type in content search loads endless.
845096 - Some types of notifications don't go away on their own
845198 - Locale cannot be switched
845224 - Pulp can't connect to qpid on RHEL 6.2
845576 - Subscription quantity button does not align with text
845580 - Subscription quantity button does not have caption
845613 - System status discrepancy between Systems list and selected system panel
845668 - Spinner never stops after adding system to system group on FF3.6
845995 - CLI: wrong error when activation key name or system group name is wrong.
846251 - CLI: message issue when creating system group with existing name.
846482 - Bunch of icons showing up in duplicate alongside changetset history details
846719 - "Disclaimer" and "Terms of Use" links go nowhere
847002 - Web pages fail to render all elements and colors correctly in IE8 and IE9
847115 - Extend scroll bug on content tab, with > 50 subscriptions only the first 50 will populate.
847858 - Blind Rescue causes Activation Key Pools to be Removed when an Exception is thrown
848038 - Locale files for CLI are not installed
849224 - The thin server on sam installations will listen on all ip addresses, should listen on localhost only.
850342 - As a user I would like the organization selector at login to provide feedback once I have selected the org I wish to login to.
850790 - Content promotion from CLI no longer works
851080 - CLI: product promote shows strange error
851142 - CLI: changeset update shows strange error
851512 - Selinux issue on /etc/candlepin/certs/* files preventing httpd to start
852006 - 'Type' field shouldn't be empty under 'changeset list' command and should show the changeset type e.g. (deletion/promotion)
852119 - Setting initial environment on org create no longer works
852167 - Alignment off in content search result tree
852199 - CVE-2012-3538 pulp: admin password logged in plaintext in world-readable katello/production.log
852316 - CLI: wrong query error is shown for "system tasks" command
852388 - [apidoc] No documentation for "remote" actions in katello/apidoc/
852791 - Button without label in Content search
852804 - Content search does not show results due to a JS error
853056 - Cli command "system register" without an environment returns "not found"
853229 - Regression in error notification when sync plan time is left blank
853356 - Syncronization raises an exception when package have a different name structure
853445 - trace-back upon adding ERRATA to deletion changeset
853995 - Error is incorrect for non-existing systems
854697 - After manifest upload fails with bad repo url, manifest can no longer be uploaded at all, even after url is fixed
855184 - Using --add_package gives undefined method `empty?' for nil:NilClass error
855267 - [RFE] in "product" CLI commands add new option "product_id"
855406 - rubygem-redcarpet should not be needed in runtime
856220 - Katello installer fails because Tomcat 6 is not up during seed
857078 - `yum update katello` fails: unpacking of archive failed on file /usr/share/katello/public/fonts: cpio: rename
857230 - [Content Search] Mouse over errata item displays error message in the web ui
857274 - Promotion stuck in "applying" status
857499 - When logging in user which has no permissions, user is told to choose an org, but obviously cannot.
857539 - Clicking the "contract" arrow in the org selector on the main UI does not contract the picker
857550 - ReST calls appear to be failing on Environment specific requests with 'NoneType' object has no attribute '__getitem__'
857574 - German locale seems to have been switched to Russian in the web interface and another language for the cli
857720 - Javascript error if selecting Org in Providers page
857727 - Uploading GPG key on multiple Orgs leaves web ui in bad state
857842 - CLI: "/usr/share/katello/script/katello-debug --notar" does not generate packages dir
858011 - CFSE tracker bug for object-labeling
858013 - katello-configure config option for KATELLO_JOB_WORKERS
858038 - Installer sets 2 thin processes no matter what
858193 - After uploading manifest, javascript error: TypeError: P.data("jsp") is undefined
858277 - Installer (tomcat6) fails due to bad dependency
858358 - [RFE] Hide password creation and Email fields at user creation time if LDAP auth is enabled in CFSE
858360 - [RFE] katello-upgrade should take care of stopping and starting services
858363 - katello-cli and katello-cli-headpin should now how to handle upgrading to prevent file conflicts over client.conf.
858661 - impossible to remove not promoted repo: "Repository cannot be deleted since it has already been promoted."
858678 - rhsm registering for duplicate name fails: ERROR: duplicate key value violates unique constraint "index_systems_on_name_and_environment_id"
858682 - Cancelling a sync shows success in the dashboard
858706 - Configuration breaks badly if certain AD variables are missing
858960 - [ALL LANG][CFSE CLI] Run 'kateloo --help' with no en_US.UTF-8 locale produced traceback: 'ascii' codec can't encode characters in position.
859329 - [CFSE GUI] Unexpected code is displayed in the error message when uploading an empty file or no gpg file to GPG Key.
859407 - Puppet exec timeout not honored during configuration
859415 - Simple org creation not usable
859442 - System Panel - System Group dropdown menu does not contain system groups
859604 - [CFSE GUI] Upexpected code is displayed in the 'undefined method...Click here for more details' message.
859784 - [GFSE GUI] Unexpected code is displayed in the message when exporting a system template.
859963 - Systems> $system > Content > Packages: Improperly encoded section header reads "&#9650"
860251 - CloudForms System Engine not using branded Red Hat favicon
860421 - subscription-manager refresh throws LdapFluff::FreeIPA::MemberService::UIDNotFoundException
860702 - Only systems belonging to Organization's groups will be shown on Systems page, if at least one system group is defined.
860709 - After upgrading CFSE Pulp is not working correctly
862441 - Answering 'N' to stopping services question during upgrade needs to provide correct information
862997 - navigate "content search --> Repository comparison", spinner doesn't stop when user click 'show 25 more'
863187 - failed to sync: ('Package [%s] does not exist', u'b017e5e0-6d3e-4a9b-b3bb-53f55fc3e209')
863252 - katello-selinux-enable throws error
864216 - IE8 IE9 Content Search Rows - no Arrow and no expansion (basically unusable)
864372 - CLI - some keys does not work in "shell"
864936 - Product labels are not currently required to be unique.
864999 - pulp doesnt handle errata spanning across multiple repos case
865528 - Incorrect credentials shows strange bug "string indices must be integers"
865811 - Pulp timeouts under load
869575 - changeset update --add_product: "More than 1 product found with the name or label provided ..." - but actually not
871086 - template export fails: "error: string indices must be integers, not str"
872096 - Configuration files after upgrade are not deployed
872305 - When importing manifest, Katello doesn't scope the client certificate to access CDN by owner
872487 - CVE-2012-4574 pulp /etc/pulp/pulp.conf world readable, contains default admin password
873850 - Cannot create a custom product without explicitly setting a label
874160 - [upgrade] 1.0 to 1.1 upgrades brings UI error on Organizations edit page
874185 - After 1.0 to 1.1 upgrade, seeing duplicated repositories in UI
874768 - [1.0.1 to 1.1 UPGRADE] Katello database failed
882129 - CVE-2012-5603 CloudForms Katello: lack of authorization in proxies_controller.rb
882138 - CVE-2012-5605 CloudForms grinder: /var/lib/pulp/cache/grinder directory is world-writeable


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/