Foreman 1.2.2 security fix release

Foreman 1.2.2 has been released with two security fixes. We recommend
users update as soon as possible.

The security issues resolved were:

  1. Potential DoS via hosts controller due to symbol conversion
    CVE identifier: CVE-2013-4180
    Issue tracker: Bug #2860: CVE-2013-4180 - Potential DoS in HostsController - Foreman

  2. Privilege escalation as API wasn't restricted to user's hosts
    CVE identifier: CVE-2013-4182
    Issue tracker: Bug #2863: CVE-2013-4182 - Privileges escalation via API - Foreman

Authenticated access to Foreman is required to exploit these issues.
Our thanks to Daniel Lobato of CERN and Marek Hulan of Red Hat for
reporting them to us.

Two additional bugs were fixed, see the release notes for full details:

This release only contains an update to Foreman itself, not the smart
proxy or other projects.

==== Packages ====
From 1.2.x, simply upgrade packages from our repositories to version
1.2.2. If upgrading from 1.1, please see the upgrade notes in the
manual for more information (especially EL6 users).

Package repos are available here:

Puppet modules for foreman-installer also available here:

Tarballs available here:

==== Reporting issues ====
If you have any issues, please follow the usual support process and file
bugs in redmine.

Support information: Foreman :: Support
Foreman: Foreman
Proxy: Foreman
SELinux: Foreman

ยทยทยท -- Dominic Cleal Red Hat Engineering