Date: Thu, 09 Oct 2014 17:31:52 +1100
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3691, foreman-proxy: failure to verify SSL certificates

It was discovered that Foreman Smart Proxy failed to verify SSL certificates. As noted in the upstream bug, "This permits any client with access to the API to make requests and perform actions (permitting control of Puppet CA, DHCP, DNS etc.)". (CVE-2014-3691)

A mitigation is available from the following:

https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo

References:

http://projects.theforeman.org/issues/7822
https://bugzilla.redhat.com/show_bug.cgi?id=1150879

Cheers,

--
Murray McAllister / Red Hat Product Security