Lucene search

666 matches found

RubySec
added 2012/12/04 12:0 a.m. · 23 views

CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...

4.3 CVSS · 6.2 AI score · 0.00181 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2012/08/25 10:0 a.m. · 19 views

CVE-2012-3503

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.5 AI score · 0.01303 EPSS
Exploits 0 · References 6
Positive Technologies
added 2012/08/25 12:0 a.m. · 2 views

PT-2012-4767 · Red Hat · Katello

Name of the Vulnerable Software and Affected Versions: Katello versions 1.0 and earlier
Description: The installation script does not properly generate the Application.config.secret_token value, resulting in each default installation having the same secret token. This allows remote attackers to...

9.8 CVSS · 9.2 AI score · 0.01303 EPSS
Exploits 0 · References 13
RedHat Linux
added 2012/08/21 8:10 p.m. · 0 views

Katello: Application.config.secret_token is not generated properly

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.8 CVSS · 7.5 AI score · 0.01303 EPSS
Exploits 0 · References 4
RedHat Linux
added 2012/08/21 8:10 p.m. · 4 views

Important: Red Hat Security Advisory: katello security update

Updated katello packages that fix one security issue are now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

9.8 CVSS · 7.2 AI score · 0.01303 EPSS
Exploits 0 · References 3
Oracle linux
added 2012/06/27 12:0 a.m. · 25 views

sos security, bug fix, and enhancement update

2.2-29.0.1.el6
- Direct traceroute to linux.oracle.com John Haxby orabug 11713272
- Disable --upload option as it will not work with Oracle support
- Check oraclelinux-release instead of redhat-release to get OS version John Haxby bug 11681869
- Remove RH ftp URL and support email
- add...

4.3 CVSS · 6.4 AI score · 0.00438 EPSS
Exploits 0