Pulp, along with the Puppet (pulp_puppet) and RPM (pulp_rpm) plugins, has been updated to 2.8.3. This release also includes betas for the OSTree plugin (pulp_ostree) version 1.1.1 and the Docker plugin (pulp_docker) version 2.0.1.

The following Security issues were addressed in this release:

  CVE-2016-3111 (Low Impact): pulp.spec generates its RSA keys for message signing insecurely
  https://pulp.plan.io/issues/1837

  CVE-2016-3112 (Moderate Impact): Pulp consumer private keys are world-readable
  https://pulp.plan.io/issues/1834

  CVE-2016-3107 (Moderate Impact): Node certificate containing private key stored in world-readable file
  https://pulp.plan.io/issues/1833

  CVE-2016-3108 (Moderate Impact): Insecure temporary file used when generating certificate for Pulp Nodes
  https://pulp.plan.io/issues/1830

  CVE-2016-3106 (Low Impact): Insecure creation of temporary directory when generating new CA key
  https://pulp.plan.io/issues/1827

Details on addressing these vulnerabilities will be released in a followup email later today, and included in subsequent release announcements for 2.8.3 (apologies for not being able to include them in this post).

Bugs fixed in this release:

OSTree Support
  1106 relative_path should be checked for url collision

Pulp
  1837 CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely
  1834 CVE-2016-3112: Pulp consumer private keys are world-readable
  1833 CVE-2016-3107: Node certificate containing private key stored in world-readable file
  1830 CVE-2016-3108: Insecure temporary file used when generating certificate for Pulp Nodes
  1827 CVE-2016-3106: Insecure creation of temporary directory when generating new CA key
  1824 iso repo publish fails for file in subdirectories
  1809 python 2.6 incompatibility during set_importer
  1802 Pulp 2.8 client no longer supports sha1 RPM checksum type
  1801 Pulp celery_beat and resource_manager are running, but logs say they are not running
  1794 A Pulp unit test is failing to find a certificate to be valid
  1791 After upgrading from 2.7.1 to pulp 2.8.0 getting 403 error's on all my Pulp repo's.
  1784 regression: "pulp-admin rpm repo search" with filters does not work as expected
  1771 requests or urllib3 can't read a file which causes Nectar to fail mysteriously
  1764 SELinux denial on Celery attempting to read resolv.conf
  1601 Migrate /var/lib/pulp/content to new 2.8 storage paths.
  1576 content type mongo id searches not working

Puppet Support
  1780 PLP0000: Update failed (The dotted field 'thomasmckay-rsync-0.4.1-thomasmckay'

Python Support
  1855 Upload broken

RPM Support
  1856 publishing kickstart repo fails on EL6
  1843 Pulp publishes invalid PULP_DISTRIBUTION.xml metadata
  1835 export fails when units are not downloaded
  1828 pulp doesn't sync reference title correctly from errata
  1813 Handle duplicate key error in comps.xml upload
  1812 Comps.xml upload succeeds but units are not associated to the repo.
  1808 exporting a sufficiently large repo with 'on_demand' policy results in BSON error
  1792 recursive and depsolving unit copy results in PulpExecutionException
  1782 <reboot_suggested>None</reboot_suggested> in generated XML for unit with no 'reboot_suggested'
  1778 Switching a repository to immediate from on_demand doesn't download its packages
  1768 Unable to sync RHEL 5 repositories with a distribution

View the full issue list in redmine here: http://bit.ly/1Tsld0E
