Kafo 0.3.17 security update

An update to Kafo (a component of Foreman installer) has been released
to our Foreman 1.4 and nightly repositories. All users are recommended
to update. This fixes CVE-2014-0135, which affects all versions of Kafo.

Upgrade instructions

··· ==================== RPM users: yum upgrade rubygem-kafo rm -f /tmp/default_values.yaml

Debian users:
apt-get --only-upgrade install ruby-kafo
rm -f /tmp/default_values.yaml


When Kafo (used in the Foreman installer) runs, a
/tmp/default_values.yaml file is written to and created with world
readable permissions. This is prone to race-condition attacks and
contains default values for all parameters, such as autogenerated passwords.

More information at Foreman :: Security

Dominic Cleal
Red Hat Engineering