Security Advisory Important: Subscription Asset Manager 1.2 update

Advisory: RHSA-2013:0544-2
Type: Security Advisory
Severity: Important
Issued on: 2013-02-21
Last updated on: 2013-02-25
Affected Products: Red Hat Subscription Asset Manager (v. 1.x for RHEL 6)
CVEs (cve.mitre.org): CVE-2012-5561, CVE-2012-5603, CVE-2012-6109, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184

Details

Red Hat Subscription Asset Manager 1.2, which fixes several security
issues and multiple bugs, and adds various enhancements, is now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

[Updated 25th February 2013]
This erratum previously failed to include the updated rubygem-rack package.
It also previously incorrectly documented CVE-2012-5604 as being fixed,
however that issue never affected Subscription Asset Manager and is no
longer listed. As well, CVE-2012-6496 was described as being fixed, however
that issue had previously been fixed in RHSA-2013:0154.

Red Hat Subscription Asset Manager acts as a proxy for handling
subscription information and software updates on client machines.

It was discovered that Katello did not properly check user permissions when
handling certain requests. An authenticated remote attacker could use this
flaw to download consumer certificates or change settings of other users'
systems if they knew the target system's UUID. (CVE-2012-5603)

It was found that the
"/usr/share/katello/script/katello-generate-passphrase" utility, which is
run during the installation and configuration process, set world-readable
permissions on the "/etc/katello/secure/passphrase" file. A local attacker
could use this flaw to obtain the passphrase for Katello, giving them
access to information they would otherwise not have access to.
(CVE-2012-5561)

Note: After installing this update, ensure the
"/etc/katello/secure/passphrase" file is owned by the root user and group
and has mode 0750 permissions. Sites should also consider re-creating the
Katello passphrase, as this issue exposed it to local users.
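
A post-update check for the note above, added here as an example and not part of the advisory or of Katello: the function name `audit_secret_file` and its arguments are assumptions. It compares a file's owner, group and mode with the expected values and separately flags any access for other local users, using GNU `stat` as shipped on RHEL.

```shell
#!/bin/sh
# Added example (not from the advisory): verify ownership and mode of a
# secret file such as /etc/katello/secure/passphrase after updating.
# The function name and arguments are illustrative. Requires GNU stat.

# audit_secret_file PATH OWNER GROUP MODE
# Prints one line per finding; returns 0 if compliant, 1 if not, 2 on error.
audit_secret_file() {
    path=$1; want_owner=$2; want_group=$3; want_mode=$4
    rc=0

    # Refuse symlinks: stat would otherwise be easy to misread as
    # describing the secret itself rather than the link.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symbolic link"
        return 1
    fi
    if [ ! -e "$path" ]; then
        echo "ERROR: $path not found"
        return 2
    fi

    # %U owner name, %G group name, %a octal mode (GNU stat format codes).
    info=$(stat -c '%U %G %a' -- "$path") || return 2
    set -- $info
    owner=$1; group=$2; mode=$3

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: $path is $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi
    # The leading 0 makes the shell read both values as octal.
    if [ "$((0$mode))" -ne "$((0$want_mode))" ]; then
        echo "FAIL: $path has mode $mode, expected $want_mode"
        rc=1
    fi
    # Any bit in the "other" triad is the exposure behind CVE-2012-5561.
    if [ "$((0$mode & 07))" -ne 0 ]; then
        echo "FAIL: $path is accessible to other local users"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $path is $owner:$group mode $mode"
    return "$rc"
}

# When run as a script with a path argument, apply the advisory's values:
#   sh audit.sh /etc/katello/secure/passphrase
if [ "$#" -ge 1 ]; then
    audit_secret_file "$1" root root 0750
fi
```

A non-zero result on a system that ran the affected installer means the passphrase should be treated as exposed, which is why the advisory suggests re-creating it.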

Three flaws were found in rubygem-rack. A remote attacker could use these
flaws to perform a denial of service attack against applications using
rubygem-rack. (CVE-2012-6109, CVE-2013-0183, CVE-2013-0184)

It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)

The CVE-2012-5603 issue was discovered by Lukas Zapletal of Red Hat;
CVE-2012-5561 was discovered by Aaron Weitekamp of the Red Hat Cloud
Quality Engineering team; and CVE-2013-0162 was discovered by Michael
Scherer of the Red Hat Regional IT team.

These updated Subscription Asset Manager packages include a number of bug
fixes and enhancements. Space precludes documenting all of these changes
in this advisory. Refer to the Red Hat Subscription Asset Manager 1.2
Release Notes for information about these changes:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.2/html/Release_Notes/index.html

All users of Red Hat Subscription Asset Manager are advised to upgrade to
these updated packages, which fix these issues and add various
enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Subscription Asset Manager (v. 1.x for RHEL 6)

SRPMS:
apache-commons-codec-1.7-2.el6_3.src.rpm
apache-mime4j-0.6-4_redhat_1.ep6.el6.1.src.rpm
candlepin-0.7.23-1.el6_3.src.rpm (File outdated by: RHSA-2013:1863)
elasticsearch-0.19.9-5.el6_3.src.rpm (File outdated by: RHEA-2013:1390)
katello-1.2.1-15h.el6_3.src.rpm (File outdated by: RHBA-2013:1489)
katello-certs-tools-1.2.1-1h.el6_3.src.rpm (File outdated by: RHEA-2013:1390)
katello-cli-1.2.1-12h.el6_3.src.rpm (File outdated by: RHEA-2013:1390)
katello-configure-1.2.3-3h.el6_3.src.rpm (File outdated by: RHEA-2013:1390)
katello-selinux-1.2.1-2h.el6_3.src.rpm (File outdated by: RHEA-2013:1390)
lucene3-3.6.1-10h.el6_3.src.rpm
puppet-2.6.17-2.el6cf.src.rpm
quartz-2.1.5-4.el6_3.src.rpm
rubygem-activesupport-3.0.10-10.el6cf.src.rpm
rubygem-apipie-rails-0.0.12-2.el6cf.src.rpm
rubygem-ldap_fluff-0.1.3-1.el6_3.src.rpm
rubygem-mail-2.3.0-3.el6cf.src.rpm
rubygem-rack-1.3.0-3.el6cf.src.rpm (File outdated by: RHSA-2013:0686)
rubygem-ruby_parser-2.0.4-6.el6cf.src.rpm
sigar-1.6.5-0.12.git58097d9h.el6_3.src.rpm
snappy-java-1.0.4-2.el6_3.src.rpm (File outdated by: RHEA-2013:1390)
thumbslug-0.0.28-1.el6_3.src.rpm (File outdated by: RHEA-2013:1390)

x86_64:
apache-commons-codec-1.7-2.el6_3.x86_64.rpm
apache-commons-codec-debuginfo-1.7-2.el6_3.x86_64.rpm
apache-mime4j-0.6-4_redhat_1.ep6.el6.1.noarch.rpm
apache-mime4j-javadoc-0.6-4_redhat_1.ep6.el6.1.noarch.rpm
candlepin-0.7.23-1.el6_3.noarch.rpm (File outdated by: RHSA-2013:1863)
candlepin-devel-0.7.23-1.el6_3.noarch.rpm (File outdated by: RHSA-2013:0686)
candlepin-selinux-0.7.23-1.el6_3.noarch.rpm (File outdated by: RHSA-2013:1863)
candlepin-tomcat6-0.7.23-1.el6_3.noarch.rpm (File outdated by: RHSA-2013:1863)
elasticsearch-0.19.9-5.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
katello-certs-tools-1.2.1-1h.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
katello-cli-1.2.1-12h.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
katello-cli-common-1.2.1-12h.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
katello-common-1.2.1-15h.el6_3.noarch.rpm (File outdated by: RHBA-2013:1489)
katello-configure-1.2.3-3h.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
katello-glue-candlepin-1.2.1-15h.el6_3.noarch.rpm (File outdated by: RHBA-2013:1489)
katello-headpin-1.2.1-15h.el6_3.noarch.rpm (File outdated by: RHBA-2013:1489)
katello-headpin-all-1.2.1-15h.el6_3.noarch.rpm (File outdated by: RHBA-2013:1489)
katello-selinux-1.2.1-2h.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
lucene3-3.6.1-10h.el6_3.noarch.rpm
lucene3-contrib-3.6.1-10h.el6_3.noarch.rpm
puppet-2.6.17-2.el6cf.noarch.rpm
puppet-server-2.6.17-2.el6cf.noarch.rpm
quartz-2.1.5-4.el6_3.noarch.rpm
rubygem-activesupport-3.0.10-10.el6cf.noarch.rpm
rubygem-apipie-rails-0.0.12-2.el6cf.noarch.rpm
rubygem-ldap_fluff-0.1.3-1.el6_3.noarch.rpm
rubygem-mail-2.3.0-3.el6cf.noarch.rpm
rubygem-mail-doc-2.3.0-3.el6cf.noarch.rpm
rubygem-rack-1.3.0-3.el6cf.noarch.rpm (File outdated by: RHSA-2013:0686)
rubygem-ruby_parser-2.0.4-6.el6cf.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6cf.noarch.rpm
sigar-1.6.5-0.12.git58097d9h.el6_3.x86_64.rpm
sigar-debuginfo-1.6.5-0.12.git58097d9h.el6_3.x86_64.rpm
sigar-java-1.6.5-0.12.git58097d9h.el6_3.x86_64.rpm
snappy-java-1.0.4-2.el6_3.x86_64.rpm (File outdated by: RHEA-2013:1390)
snappy-java-debuginfo-1.0.4-2.el6_3.x86_64.rpm (File outdated by: RHEA-2013:1390)
thumbslug-0.0.28-1.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)
thumbslug-selinux-0.0.28-1.el6_3.noarch.rpm (File outdated by: RHEA-2013:1390)

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

760564 - UI should show virtual child pools as "children" of the parent.
800145 - Manifest import needs to be smarter about product attribute copying
809823 - katello-configure --deployment=katello is accepted in a SAM only installation.
813291 - [RFE] Username cannot contain characters other than alpha numerals,'_', '-', can not resume after failure
817845 - Better CLI error message when options are invalid
817946 - API not accessible from browser
818679 - katello-configure --help should show valid options.
818903 - Name of the pdf generated for sam system report command should be modified
819002 - [RFE] Hide password creation and Email fields at user creation time if LDAP auth is enabled in CFSE
819611 - [RFE] SAM 1.0 Have PostgreSQL only listen on 127.0.0.1 instead of 127.0.0.1 and 0.0.0.0
822942 - [RFE] Add new Application Shell to Subscription Asset Manager
822943 - [RFE] Improved Subscription Viewer
822945 - [RFE] Improved Visibility to Customer Portal
826099 - katello-debug returns unexpected error messages when run on a SAM installation
829474 - Assigning a subscription to a machine in SAM does not update the compliance icon in the System List
832425 - SAM cli headpin Version command returns exitCode as 1 even after successful completion of command
832462 - katello-cli and katello-cli-headpin should know how to handle upgrading to prevent file conflicts over client.conf.
840595 - katello-configure --help optparse.rb:395:in `+': can't convert nil into String (TypeError)
840600 - Post creating new environment in headpin, webui returns row:NotFound error
840603 - Post 'import manifest' subscriptions return row:NotFound
840609 - katello-headpin displays system groups under activation key when headpin will not support system groups
840792 - Activation key delete displays error
840969 - Delete environment with members causes Couldn't find KTEnvironment with
841868 - Systems page always shows lo interface IP on list
843625 - The thin server on sam installations will listen on all ip addresses, should listen on localhost only.
843857 - Katello Webui dashboard does not render the pie chart (graph) in the appropriate location
843861 - Installing the candlepin-cert bootstrap package fails on RHEL5.8+
843904 - During transition between systems in the webui, user will see System Group and Errata elements along with install button and other.
845501 - katello-configure --deployment=headpin fails after katello-headpin-all install on fedora-16
845620 - [RFE] Improve messaging around results of setting the yStream
847024 - Web pages fail to render all elements and colors correctly in IE8 and IE9
847117 - Extend scroll bug on content tab, with > 50 subscriptions only the first 50 will populate.
847598 - katello-configure --deployment failed after katello-all install
850336 - As a user I would like the organization selector at login to provide feedback once I have selected the org I wish to login to.
852508 - User limited by role will receive ResourceTypeNotFound in Dashboard#index when logging in
854278 - After adding certain objects to katello one will see a warning, '' did not meet the current search criteria and is not being shown
854283 - When creating a new organization, the Environment specified at creation time is not being created.
854985 - subscription-manager register for a system fails using the activation key
856303 - "Invalid resource type 'system_groups' " error message when trying to unregister from SAM
856777 - Test case failure: As a Admin I would like to know that my manifest will load as scheduled, even if katello-jobs is not running when I submit the request.
856795 - Test case failure: [SAM] Install - Quick (Default) Fails
857452 - katello-configure fails with katello-jobs change to running failed
859128 - Consumer fails to consume content from a Headpin distributor PYCURL ERROR 52 - "Empty reply from server"
863461 - Headpin Cli automation : Failure to list the org updated with special chars other than ascii chars
865571 - man page for headpin shows katello context
866323 - Storing the user report via cli in a pdf format fails in headpin-cli upstream
866972 - katello-debug needs to take headpin into consideration
866995 - server version is "Unknown" when registered to a katello/cfse/sam server
868290 - Thumbslug needs to verify more certificates.
869380 - add confirmation dialog to "delete manifest" functionality
871622 - Upgrade from 1.0 to 1.2 fails with file conflict
872332 - Username/password from previous katello-configure returns CLI error "error: string indices must be integers"
872334 - existing orgs do not get default value for system_info_keys in database
872335 - deleting an imported manifest should add message to /owner/$owner/imports results
872602 - API: /consumers/{id}/entitlements returns incorrect data and Content-Type header
872687 - create a Role with single-character name fails
873038 - Entering an env name of "Library" when creating an organization does not give clear error message
873443 - RAM value listed should be "memory.memtotal" fact
873803 - subscription filter chooser on systems page blinks when page first loads
873809 - Javascript error when looking at Import History for subscriptions
874182 - Creating a consumer with blank sockets results in missing system
874280 - change of terminology related to subscriptions and distributors
874502 - Upload manifests UI in 'ja' language contains headings overwritten on each other
874510 - Activation Key Page in 'ja' language headings overwritten in headpin
874583 - Environments do not populate when adding a new user without full admin
874737 - [upgrade] 1.0 to 1.1 upgrades brings UI error on Organizations edit page
874744 - Product labels are not currently required to be unique.
875101 - ISO installer uses 2.7 API, which does not run on RHEL 6
875609 - Could not find ESX/Hyper-V host on SAM WebUI
875876 - Thumbslug prevents client connections for unknown reason
876869 - [ja_JP][SAM Web GUI] Overlapped in Add Permission page and Edit Permission page.
876896 - [ja_JP][SAM Web GUI] Overlapped in Content - Subscriptions page
876911 - [ja_JP][SAM Web GUI] Overlapped in Content - Activation Keys page
877317 - [ALL_LANG][SAM Web GUI] Unlocalized string 'Viewing xx of xx results (xx Total xx)'.
877473 - SAM upgrade fails with uninitialized constant Glue::Foreman
877894 - [ALL_LANG][SAM Web GUI] Some unlocalized messages for creating Users.
878191 - CLI system remove_deletion fails calling candlepin proxy
878341 - [ja_JP][zh_TW][ko_KR][SAM Web GUI] Default environment name 'Library' should not be localized.
878355 - [ru_RU][fr_FR][SAM Web GUI] - Text not fitting in the level properly
878370 - [ALL_LANG][SAM Web GUI] Unlocalized date, tooltips for Release Version and strings for Systems
878377 - [es_ES] - Unlocalized strings in SAM Web GUI pages.
878693 - [RFE] Selecting multiple systems does not give me any action
878750 - [es_ES][it_IT][SAM Web GUI] - Mouse over and Click tool causing overlap with the other contents
879094 - CVE-2012-5561 Katello: /etc/katello/secure/passphrase is world readable
879170 - [fr_FR][SAM Web GUI] - Untranslated strings in SAM Web GUI
879245 - [cli] `system subscriptions --uuid`returns python's "None" as system name
879320 - [cli] system list shows 127.0.0.1 for registered virtual guests
880113 - [ALL LANG][SAM CLI] undefined method `with_indifferent_access' for #<Array:0x7f9a1164f0e8> occurred when --add_subscription or --remove_subscription with blank or invalid ?? value for activation_key update module.
880116 - [ALL LANG][SAM CLI] undefined method `[]' for nil:NilClass occurred when --add_subscription with pool id for activation_key update module.
880710 - subscription-manager problems when organization label is different than name
880848 - Typo: Subscripton/Subscription in the Dashboard
880905 - [fr_FR][it_IT][SAM Web GUI] - New Role can not be created
881616 - [ALL_LANG][SAM Web GUI] Usage Limit value to be set as '-1' when uncheck the 'Unlimited' and Save the Activation Key.
882129 - CVE-2012-5603 CloudForms Katello: lack of authorization in proxies_controller.rb
882957 - HTML id attributes are not unique
885096 - Headpin/SAM headpin mode new foreman command 'architecture' should be removed
886137 - Tracker: remove katello-reset-dbs script
886462 - [cli] ping returns $? == 30 (but all services are OK)
890000 - Can not auto-subscribe against SAM-20121221.n.1 server
892639 - SAM Compose : 7th January puddle -> katello-configure failed
892806 - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
895277 - CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS
895282 - CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error
895384 - CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS
896550 - Typo during generation of candlepin.conf


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/