Red Hat Security Advisory: CloudForms Commons 1.1 security update
🔗 CVE IDs covered (16)
📋 Description
CVE-2012-1986 — puppet: Filebucket arbitrary file read CVE-2012-1987 — puppet: Filebucket denial of service CVE-2012-1988 — puppet: Filebucket arbitrary code execution CVE-2012-2139 — rubygem-mail: directory traversal CVE-2012-2140 — rubygem-mail: arbitrary command execution when using exim or sendmail from commandline CVE-2012-2660 — rubygem-actionpack: Unsafe query generation CVE-2012-2661 — rubygem-activerecord: SQL injection when processing nested query paramaters CVE-2012-2694 — rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) CVE-2012-2695 — rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than CVE-2012-2661) CVE-2012-3424 — rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest CVE-2012-3463 — rubygem-actionpack: potential XSS vulnerability in select_tag prompt CVE-2012-3464 — rubygem-actionpack: potential XSS vulnerability CVE-2012-3465 — rubygem-actionpack: XSS Vulnerability in strip_tags CVE-2012-3864 — puppet: authenticated clients allowed to read arbitrary files from the puppet master CVE-2012-3865 — puppet: authenticated clients allowed to delete arbitrary files on the puppet master CVE-2012-3867 — puppet: insufficient validation of agent names in CN of SSL certificate requests
🔗 References (18)
- selfhttps://access.redhat.com/errata/RHSA-2012:1542
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=810069
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=810070
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=810071
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=816352
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=827353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=827363
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=831573
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=831581
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=839130
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=839131
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=839158
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=843711
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=847196
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=847199
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=847200
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1542.json