Red Hat RHSA-2012:1187
Aug 21, 2012 - 12:00 a.m.

(RHSA-2012:1187) Important: katello security update

access.redhat.com
EPSS: 0.015 (Low), percentile 87.1%

Katello allows you to manage the application life-cycle for Linux systems.
Katello is used by Red Hat Subscription Asset Manager, a distributor
application for handling subscription information and software updates on
client machines.

It was found that the katello-common package’s installation script did not
correctly generate the secret token used for session cookie generation,
leading to every default installation using the same secret token. A remote
attacker could use this flaw to create a cookie that would allow them to
log into the Subscription Asset Manager web interface as any user, without
knowing the passwords. (CVE-2012-3503)

All users of Red Hat Subscription Asset Manager are advised to upgrade to
these updated packages, which correct this issue. For instructions on
applying this update, refer to the Subscription Asset Manager Installation
Guide, linked to in the References section.
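
An audit for the condition described above, as an added example that is not part of the Red Hat advisory or of Katello's code: it fingerprints the cookie secret found on each installation and flags hosts that share one or have none. The Rails-style `secret_token = '...'` line, the host names and the sample token are assumptions constructed for illustration.

```ruby
require 'securerandom'
require 'digest'

# Assumption: the secret is set by a Rails-style initializer line such as
#   config.secret_token = '<value>'
TOKEN_LINE = /secret_token\s*=\s*['"]([^'"]+)['"]/

# Pull the token out of initializer text; nil when none is configured.
def extract_token(text)
  m = TOKEN_LINE.match(text)
  m && m[1]
end

# Short SHA-256 fingerprint, so the report never carries the secret itself.
def fingerprint(token)
  Digest::SHA256.hexdigest(token)[0, 16]
end

# hosts: { hostname => initializer text }. Returns { hostname => [issues] }.
def audit(hosts)
  tokens = hosts.transform_values { |text| extract_token(text) }
  groups = tokens.compact.group_by { |_, t| fingerprint(t) }
  tokens.each_with_object({}) do |(host, token), out|
    issues = []
    if token.nil?
      issues << :missing
    else
      issues << :too_short if token.length < 30 # Rails' minimum secret length
      shared = groups[fingerprint(token)].map(&:first) - [host]
      issues << [:shared_with, shared.sort] unless shared.empty?
    end
    out[host] = issues
  end
end

# Replacement secret from the OS CSPRNG: 64 random bytes as 128 hex chars.
def fresh_token
  SecureRandom.hex(64)
end

# Constructed sample data (not a real Katello token or real hosts).
PACKAGED = 'c0ffee' * 20
SAMPLE_HOSTS = {
  'sam-a.example' => "config.secret_token = '#{PACKAGED}'",
  'sam-b.example' => "config.secret_token = '#{PACKAGED}'",
  'sam-c.example' => "config.secret_token = '#{fresh_token}'",
  'sam-d.example' => '# no token configured'
}.freeze

audit(SAMPLE_HOSTS).each { |host, issues| puts "#{host}: #{issues.inspect}" } if __FILE__ == $0
```

Any two hosts reported as `shared_with` each other accept the same signed session cookies, which is the exposure the advisory describes.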
