Addressing CVEs with Foreman and Katello - DROWN, GHOST

Published CVEs represent an attack vector for your infrastructure. Recently, CVE-2015-0235 revealed a security bug in GLIBC, a key dependency for many packages in Linux (including Foreman!). Just so you can easily understand how key this package is, here’s a visualization made by Rui Vieira from Newcastle University that displays a graph of package dependencies in Ubuntu. Glibc is the dot at the center of the graph.

This is a companion discussion topic for the original entry at