RHEA-2014:1175 Critical

Red Hat Enhancement Advisory: Release of Satellite 6.0

Published: September 10, 2014
Last Modified: June 17, 2026

🔗 CVE IDs covered (24)

📋 Description

CVE-2012-6619 — mongodb: memory over-read via incorrect BSON object length
CVE-2013-2101 — Katello: Multiple XSS in various entities
CVE-2013-2121 — Foreman: app/controllers/bookmarks_controller.rb remote code execution
CVE-2013-2882 — v8: remote DoS or unspecified other impact via type confusion
CVE-2013-4180 — Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
CVE-2013-4182 — foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation
CVE-2013-4201 — Katello: CLI - user without access can call "system remove_deletion" command
CVE-2013-4225 — Katello: proxied Candlepin calls authorization bypass
CVE-2013-4386 — Foreman: host and host group parameter SQL injection
CVE-2013-6639 — v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
CVE-2013-6640 — v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
CVE-2013-6650 — v8: incorrect handling of popular pages
CVE-2013-7440 — python: wildcard matching rules do not follow RFC 6125
CVE-2014-0007 — foreman-proxy: smart-proxy remote command injection
CVE-2014-0089 — Foreman: Stored Cross Site Scripting
CVE-2014-0090 — Foreman: Session fixation
CVE-2014-0091 — Foreman: Improper input validation
CVE-2014-0135 — rubygem-kafo: temporary file creation vulnerability when creating /tmp/default_values.yaml
CVE-2014-0192 — Foreman: provisioning templates are world accessible
CVE-2014-0208 — foreman: XSS in key name auto-completion
CVE-2014-0241 — rubygem-hammer_cli_foreman: /etc/hammer/cli.modules.d/foreman.yml is world-readable
CVE-2014-1704 — v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.149
CVE-2014-3531 — foreman: XSS with operating system name/description
CVE-2014-4616 — python: missing boundary check in JSON module

🔗 References (5)