RHSA-2015:1592High

Red Hat Security Advisory: Red Hat Satellite 6.1.1 on RHEL 6

Published
August 12, 2015
Last Modified
June 27, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2013-4346 — python-oauth2: _check_signature() ignores the nonce value when validating signed urls CVE-2013-4347 — python-oauth2: Uses poor PRNG in nonce CVE-2014-3590 — rhn_satellite_6: cross-site request forgery (CSRF) can force logout CVE-2014-3653 — foreman: cross-site scripting (XSS) flaw in template preview screen CVE-2015-1816 — foreman: lack of SSL certificate validation when performing LDAPS authentication CVE-2015-1844 — foreman: API not scoping resources to taxonomies CVE-2015-3155 — foreman: the _session_id cookie is issued without the Secure flag CVE-2015-3235 — foreman: edit_users permission allows changing of admin passwords

🔗 References (545)