
    RedHat: RHSA-2019-0315:01 Moderate: CloudForms 4.6.8 security,

    Date: 12 Feb 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: CloudForms 4.6.8 security, bug fix and enhancement update
    Advisory ID:       RHSA-2019:0315-01
    Product:           Red Hat CloudForms
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0315
    Issue date:        2019-02-12
    Cross references:  RHBA-2019:0110
    CVE Names:         CVE-2018-11627 
    =====================================================================
    
    1. Summary:
    
    An update is now available for CloudForms Management Engine 5.9.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    CloudForms Management Engine 5.9 - x86_64
    
    3. Description:
    
    Red Hat CloudForms Management Engine delivers the insight, control, and
    automation needed to address the challenges of managing virtual
    environments. CloudForms Management Engine is built on Ruby on Rails, a
    model-view-controller (MVC) framework for web application development.
    Action Pack implements the controller and the view components.
    
    Security Fix(es):
    
    * rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    Additional Changes:
    
    This update fixes various bugs and adds enhancements. Documentation for
    these changes is available from the Release Notes document linked to in the
    References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    If the postgresql service is running, it will be automatically restarted
    after installing this update. After installing the updated packages, the
    httpd daemon will be restarted automatically.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1585218 - CVE-2018-11627 rubygem-sinatra: XSS in the 400 Bad Request page
    1641669 - 404 Not Found: When dialog submitted via custom button from datastore object with method and dialog both attached
    1641812 - Retirement Requester not populated after retirement
    1650152 - [RFE] Unable to use AWS tags as RHV tags
    1658480 - Instance evacuation error
    1665284 - Tagging: Unable to edit tag from container provider page
    1667948 - Dynamic drop down code is being executed everytime a service request is opened for review and executed again on approval
    1668847 - Events from OpenStack are delivered in wrong order which causes miss of certain events
    1669627 - SmartState Analysis fails on VMware Vsphere 6.7
    1670202 - The event_streams table does not get auto-vacuumed
    
    6. Package List:
    
    CloudForms Management Engine 5.9:
    
    Source:
    cfme-5.9.8.1-1.el7cf.src.rpm
    cfme-amazon-smartstate-5.9.8.1-1.el7cf.src.rpm
    cfme-appliance-5.9.8.1-1.el7cf.src.rpm
    cfme-gemset-5.9.8.1-1.el7cf.src.rpm
    dbus-api-service-1.0.1-3.2.el7cf.src.rpm
    
    x86_64:
    cfme-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-amazon-smartstate-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-appliance-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-appliance-common-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-appliance-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-appliance-tools-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-gemset-5.9.8.1-1.el7cf.x86_64.rpm
    cfme-gemset-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
    dbus-api-service-1.0.1-3.2.el7cf.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-11627
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html/release_notes
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
