Date: Thu, 20 Dec 2012 05:35:59 -0500 (EST)
From: Amos Benari <abenari@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Multiple SQL injection vulnerabilities in the puppetclass.rb and
 search.rb scripts in Foreman 1.0.1

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 allow remote attackers to execute arbitrary SQL commands via multiple parameters. These issues have been assigned the identifier CVE-2012-5648. Source code updates are available at: https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
The issue is fixed in Foreman 1.0.2.
