Login
Newsletter
Werbung

Sicherheit: Verwendung schwacher Verschlüsselung in python-rhsm
Aktuelle Meldungen Distributionen
Name: Verwendung schwacher Verschlüsselung in python-rhsm
ID: FEDORA-2014-13794
Distribution: Fedora
Plattformen: Fedora 19
Datum: Fr, 7. November 2014, 08:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Applikationen: python-rhsm

Originalnachricht

Name        : python-rhsm
Product : Fedora 19
Version : 1.13.6
Release : 1.fc19
URL : http://fedorahosted.org/candlepin
Summary : A Python library to communicate with a Red Hat Unified
Entitlement Platform
Description :
A small library for communicating with the REST interface of a Red Hat Unified
Entitlement Platform. This interface is used for the management of system
entitlements, certificates, and access to content.

-------------------------------------------------------------------------------
-
Update Information:

New features:
- Send list of compliance reasons on dbus
- Added client-side support for --matches on the list command.

Security:
- 1153375: Support TLSv1.2 and v1.1 by default. (CVE-2014-3566)

Bug fixes:
- 1120772: Don't traceback on missing /ostree/repo
- 1094747: add appdata metdata file
- 1122107: Clarify registration --consumerid option in manpage.
- 1151925: Improved filtered listing output when results are empty.
- 990183: Add a manpage for rhsm.conf

-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Oct 23 2014 Alex Wood <awood@redhat.com> 1.13.6-1
- 1153375: Support TLSv1.2 and v1.1 by default. (alikins@redhat.com)
- Set CA PEM files permissions to 644. (awood@redhat.com)
* Thu Oct 16 2014 Devan Goodwin <dgoodwin@rm-rf.ca> 1.13.5-1
- Renamed the "containstext" parameter to "matches."
(crog@redhat.com)
* Thu Oct 16 2014 Devan Goodwin <dgoodwin@rm-rf.ca> 1.13.4-1
- Added support for contains_text to UEPConnection.getPoolsList
(crog@redhat.com)
* Fri Oct 3 2014 Alex Wood <awood@redhat.com> 1.13.3-1
- Make more use of setup.py. (alikins@redhat.com)
* Sun Sep 7 2014 Alex Wood <awood@redhat.com> 1.13.2-1
- Remove a 2.6ism that slipped in. (awood@redhat.com)
* Thu Sep 4 2014 Alex Wood <awood@redhat.com> 1.13.1-1
- version bump (jesusr@redhat.com)
* Fri Jul 25 2014 jesus m. rodriguez <jesusr@redhat.com> 1.12.5-1
- 1120431: Support for complex path matching. (bkearney@redhat.com)
* Thu Jul 3 2014 jesus m. rodriguez <jesusr@redhat.com> 1.12.4-1
- Add required bz flags to tito releasers. (dgoodwin@redhat.com)
- Remove pyqver verbose flag. (alikins@redhat.com)
- Use tox.ini to setup pep8 for 'make stylish' (alikins@redhat.com)
- Update pyqver setup. Set min version of 2.7. (alikins@redhat.com)
- Add libcrypto to list of libs to link to. (bcourt@redhat.com)
* Mon Jun 16 2014 Michael Stead <mstead@redhat.com> 1.12.3-1
- Add 6.6/7.1 release targets. (dgoodwin@redhat.com)
- Add a key_path() to EntitlementCertificate (alikins@redhat.com)
* Tue Jun 10 2014 Devan Goodwin <dgoodwin@rm-rf.ca> 1.12.2-1
- Detect when operating in container mode and load host system's config.
(dgoodwin@redhat.com)
- Convert doc strings to sphinx/restructuredtext (alikins@redhat.com)
- Add setup for using sphinx for docs. (alikins@redhat.com)
* Thu Jun 5 2014 jesus m. rodriguez <jesusr@redhat.com> 1.12.1-1
- bump version to 1.12 (jesusr@redhat.com)
- Add connection method to get available releases (mstead@redhat.com)
* Mon May 26 2014 Devan Goodwin <dgoodwin@rm-rf.ca> 1.11.5-1
- 1090350: fix time drift detection (ckozak@redhat.com)
- 1096676: Use simplejson on RHEL 5. (dgoodwin@redhat.com)
- 1094492: Alternate Subject needs different type that allows more characters.
(wpoteat@redhat.com)
* Mon Apr 28 2014 ckozak <ckozak@redhat.com> 1.11.4-1
* Thu Apr 10 2014 Alex Wood <awood@redhat.com> 1.11.3-1
- Specifically check for brand_name/brand_type="" (alikins@redhat.com)
- Support new apis for guests and hypervisors (ckozak@redhat.com)
* Thu Mar 20 2014 Alex Wood <awood@redhat.com> 1.11.2-1
- Add attributes for brand_name (alikins@redhat.com)
* Thu Feb 27 2014 Alex Wood <awood@redhat.com> 1.11.1-1
- rev version to 1.11.1 (ckozak@redhat.com)
- removed rhel7 releaser (ckozak@redhat.com)
* Mon Feb 3 2014 ckozak <ckozak@redhat.com> 1.10.12-1
- Add request_certs option to getEntitlementList() call (vitty@redhat.com)
* Wed Jan 22 2014 ckozak <ckozak@redhat.com> 1.10.11-1
- Fedora 18 is at end of life. (awood@redhat.com)
* Mon Jan 6 2014 ckozak <ckozak@redhat.com> 1.10.10-1
- make sure server supports guestId data (ckozak@redhat.com)
* Tue Dec 17 2013 ckozak <ckozak@redhat.com> 1.10.9-1
- Removing entitlement cert and key from getEntitlementList (ckozak@redhat.com)
- respect http(s)_proxy env variable for proxy information (jesusr@redhat.com)
* Wed Nov 27 2013 jesus m. rodriguez <jmrodri@gmail.com> 1.10.8-1
- Add the method to retrieve all the subscriptions for an owner
(wpoteat@redhat.com)
* Thu Nov 14 2013 ckozak <ckozak@redhat.com> 1.10.7-1
- getOwnerInfo introduced (vitty@redhat.com)
* Thu Nov 7 2013 ckozak <ckozak@redhat.com> 1.10.6-1
- Fix a crash that occurs when rhsm.conf is missing (ckozak@redhat.com)
- Correct implementation of __eq__ for Content objects. (awood@redhat.com)
- Log ca_dir and loaded ca pems on one line. (alikins@redhat.com)
- Add default full_refresh_on_yum option. (awood@redhat.com)
- Send empty JSON list when deleting all overrides. (awood@redhat.com)
- Add __hash__ method to Content classes. (awood@redhat.com)
- Add method to get all content overrides for a consumer (mstead@redhat.com)
- Add methods to set and delete content overrides. (awood@redhat.com)
- 1008808: json ValueErrors have no .msg attribute (alikins@redhat.com)
* Fri Oct 25 2013 ckozak <ckozak@redhat.com> 1.10.5-1
- 1006748: replace simplejson with 'ourjson' (alikins@redhat.com)
- Log the new requestUuid from candlepin if it is present in the response.
(dgoodwin@redhat.com)
* Fri Oct 25 2013 ckozak <ckozak@redhat.com>
- 1006748: replace simplejson with 'ourjson' (alikins@redhat.com)
- Log the new requestUuid from candlepin if it is present in the response.
(dgoodwin@redhat.com)
* Wed Oct 2 2013 ckozak <ckozak@redhat.com> 1.10.3-1
- Merge pull request #89 from candlepin/alikins/flex_branding
(c4kofony@gmail.com)
- Change brand attr 'os' to 'brand_type' (alikins@redhat.com)
- s/os_name/os (alikins@redhat.com)
- add support for 'os_name' productid attribute (alikins@redhat.com)
* Thu Sep 12 2013 Alex Wood <awood@redhat.com> 1.10.2-1
- 998033: Handle 401 and 403 with no response body (alikins@redhat.com)
- Ignore json errors in validate_response (alikins@redhat.com)
- Add unit tests for Restlib.validate_response (alikins@redhat.com)
- 1000145: Fix deprecated exception message warning. (dgoodwin@redhat.com)
* Thu Aug 22 2013 Alex Wood <awood@redhat.com> 1.10.1-1
- 997194: fix interpolation of default values (ckozak@redhat.com)
- bump version to 1.10.x (jesusr@redhat.com)
- remove 6.5 releaser (jesusr@redhat.com)
* Wed Aug 14 2013 jesus m. rodriguez <jesusr@redhat.com> 1.9.2-1
- remove rhel 5.9, 5.10, 6.3, 6.4 (jesusr@redhat.com)
- Fedora 17 is at end of life. (awood@redhat.com)
* Wed Jul 31 2013 Alex Wood <awood@redhat.com> 1.9.1-1
- fix config failure (ckozak@redhat.com)
- 988476, 988085: fix default hostname, remove excess config list output
(ckozak@redhat.com)
- rev master to 1.9.x (alikins@redhat.com)
- add compliance date option (ckozak@redhat.com)
* Fri Jul 12 2013 Adrian Likins <alikins@redhat.com> 1.8.14-1
- certs check warning period (ckozak@redhat.com)
* Fri Jun 21 2013 Adrian Likins <alikins@redhat.com> 1.8.13-1
- Added autoheal option to updateConsumer (cschevia@redhat.com)
* Fri May 31 2013 jesus m. rodriguez <jesusr@redhat.com> 1.8.12-1
- Update the releasers with a 6.3 (bkearney@redhat.com)
- 967566: Enhance the ssl bindings to expose the issuer. (bkearney@redhat.com)
- Update the dist-git releasers (bkearney@redhat.com)
* Fri May 10 2013 Devan Goodwin <dgoodwin@rm-rf.ca> 1.8.11-1
- Don't attach a question mark to the request if not necessary.
(awood@redhat.com)
- Sanitize consumerId input. (awood@redhat.com)
- Add more test cases for Content.arches (alikins@redhat.com)
- add 'arches' list of arches to Content object (alikins@redhat.com)
- Add optional consumer to getPool. (awood@redhat.com)
* Tue May 7 2013 Devan Goodwin <dgoodwin@rm-rf.ca> 1.8.10-1
- Added core limit to entitlement object. (mstead@redhat.com)
- Codestyle cleanup. (alikins@redhat.com)
* Thu Apr 18 2013 Devan Goodwin <dgoodwin@rm-rf.ca> 1.8.9-1
- add note about check_path squashing '//' in paths
(alikins@redhat.com)
- normalizing path before checking (jsherril@redhat.com)
- two new candlepin API methods (cduryee@redhat.com)
- remove redundant \'s and slight formatting cleanup (alikins@redhat.com)
- replace if "a == None" calls with if a is None (alikins@redhat.com)
- Additional methods for working with owners (cduryee@redhat.com)
* Wed Mar 27 2013 Devan Goodwin <dgoodwin@rm-rf.ca> 1.8.8-1
- no 'json' module in rhel5, use simplejson instead
(alikins@redhat.com)
- Adding plugin directory config option. (awood@redhat.com)
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update python-rhsm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung