====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: CloudForms 5.0.8 security, bug fix and enhancement update
Advisory ID:       RHSA-2020:4134-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4134
Issue date:        2020-09-30
Cross references:  RHSA-2020:3358
CVE Names:         CVE-2020-14369
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.11 - x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* cfme-gemset: CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements.
Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1672358 - [RFE] Unable to create Service Template via the API
1686077 - [RFE] : Feature request to be able to add a default date/time to Timepicker in dialog
1706848 - Not able to set specific dates and time in for timepicker in service dialog
1713205 - Dialog Dropdown value is not getting selected in first attempt
1723864 - Openstack Director nodes does not show OpenStack Service Status section - OSPD 15
1741633 - Invalid dynamic field causes service dialog to not be save-able
1772762 - [RFE] Size of disks added is not shown when VM_Reconfigure
1794551 - Security group/rule create/delete triggers targeted refresh but doesn't update in UI
1804263 - Mapping fail when selecting public network not directly belongs to the selected project.
1825961 - SmartState sometimes fails to find /var/lib/rpm/Packages file, so software collection reports no packages installed
1846273 - Cloudforms no longer sees vms in resource pools after some targetted refreshes are ran
1846623 - [RFE] "CPU Affinity" not updated for VMs on RHV providers
1846624 - [RFE] "Platform Tools" Status is set to "N/A" for all VMs on RHV providers
1851087 - [RFE] Scheduled Retirement - Check for Existing "active" Requests before creating new Request.
1856470 - repmgr10.service is failing to start on cfme db appliance reboot
1858079 - using escalate privilage with a nil become_password causes playbooks to get stuck waiting for a password
1858107 - SSA not possible on any RHV datastore depending on navigation to it.
1859388 - Availability zones not showing in dropdown menu when adding volume through storage
1859542 - Tag Control dropdown field listing extra value -> 'Nothing Selected' in service order page
1860033 - "Add a provider" button for Ansible Tower disappears after using accordion
1861252 - Dropdown dialog field listing extra value -> 'Nothing Selected' in service order page
1862202 - RHOS 16.1: geneve" Provider Network Type is missing when creating cloud network
1870737 - passwordless sudo command reports error when querying podman/docker containers for OSP16.1
1871921 - CVE-2020-14369 CloudForms: Cross Site Request Forgery in API notifications
1874921 - [RFE] Service Retirement Logging improvement to show Service id
1876974 - Enhance error handle for failing playbook clone

6. Package List:

CloudForms Management Engine 5.11:

Source:
ansible-tower-3.6.5-1.el8at.src.rpm
cfme-5.11.8.1-1.el8cf.src.rpm
cfme-amazon-smartstate-5.11.8.1-1.el8cf.src.rpm
cfme-appliance-5.11.8.1-1.el8cf.src.rpm
cfme-gemset-5.11.8.1-1.el8cf.src.rpm
repmgr10-4.0.6-4.el8cf.src.rpm

x86_64:
ansible-tower-venv-ansible-3.6.5-1.el8at.x86_64.rpm
cfme-5.11.8.1-1.el8cf.x86_64.rpm
cfme-amazon-smartstate-5.11.8.1-1.el8cf.x86_64.rpm
cfme-appliance-5.11.8.1-1.el8cf.x86_64.rpm
cfme-appliance-common-5.11.8.1-1.el8cf.x86_64.rpm
cfme-appliance-tools-5.11.8.1-1.el8cf.x86_64.rpm
cfme-gemset-5.11.8.1-1.el8cf.x86_64.rpm
repmgr10-4.0.6-4.el8cf.x86_64.rpm
repmgr10-debuginfo-4.0.6-4.el8cf.x86_64.rpm
repmgr10-debugsource-4.0.6-4.el8cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-14369
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

-- RHSA-announce mailing list
====================================================================
Red Hat Security Advisory

Synopsis:          Important: CloudForms 5.0.3 security update
Advisory ID:       RHSA-2020:0588-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0588
Issue date:        2020-02-25
Cross references:  RHBA-2020:0452
CVE Names:         CVE-2019-14894
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.11 - x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* CloudForms: RCE vulnerability in NFS schedule backup (CVE-2019-14894)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1769411 - CVE-2019-14894 CloudForms: RCE vulnerability in NFS schedule backup

6. Package List:

CloudForms Management Engine 5.11:

Source:
cfme-5.11.3.1-1.el8cf.src.rpm
cfme-amazon-smartstate-5.11.3.1-1.el8cf.src.rpm
cfme-appliance-5.11.3.1-1.el8cf.src.rpm
cfme-gemset-5.11.3.1-1.el8cf.src.rpm

x86_64:
cfme-5.11.3.1-1.el8cf.x86_64.rpm
cfme-amazon-smartstate-5.11.3.1-1.el8cf.x86_64.rpm
cfme-appliance-5.11.3.1-1.el8cf.x86_64.rpm
cfme-appliance-common-5.11.3.1-1.el8cf.x86_64.rpm
cfme-appliance-tools-5.11.3.1-1.el8cf.x86_64.rpm
cfme-gemset-5.11.3.1-1.el8cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-14894
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: CloudForms 5.0.1 security, bug fix and enhancement update
Advisory ID:       RHSA-2019:4201-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:4201
Issue date:        2019-12-12
Cross references:  RHBA-2019:40571
CVE Names:         CVE-2019-16892
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.11 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* cfme: rubygem-rubyzip denial of service via crafted ZIP file (CVE-2019-16892)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements.
Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1713400 - [RFE] Cloud Key pair don't have relationships with owner and group that build this key
1730066 - Unable to view AWS keypair list as tenant_administrator
1747179 - [Regression] [ActionView::Template::Error] undefined method `tenant_group?' while setting ownership for key pairs
1767548 - Remove .py extension from calls to virt-v2v-wrapper
1767549 - Run the preflight check of migration task before waiting for a conversion host
1767550 - [RFE] Add ability to remove all snapshots asynchronously
1767645 - [RFE] Hide the Configuration -> Database screen
1767646 - Unassigned buttons of a Service shows when its Catalog Item has custom buttons
1767647 - Unable to access "Automate/Requests" tab for a role without exposing "Service/Requests"
1767648 - Server Error (API) when creating Orchestration Template with duplicate content
1767656 - [Regression] Unable to capture memory metric from Azure instances
1767659 - Chargeback report preview fails
1767660 - Service Requests Requester dropdown not sorted
1767774 - appliance_console_cli returns 0 on failure
1767775 - [RFE] Add AWS Bahrain region to CFME
1767776 - [RFE] - Update Host/Node filter to reflect supported versions of ESX
1767777 - Typo on list of Host/Nodes global filters -- Status / Orphaned
1767783 - [RFE] Dis-allow the addition of ESX hosts directly
1767784 - Unable to receive "generalize" event from Azure after generalizing an instance
1767786 - API should not declare HTTP DELETE verb on pxe_servers collection
1767788 - The UI warning about RSA is deprecated and not true anymore.
1767789 - Passwords stored in variables(extra_vars) are visible in clear text in the Appliance evm.log
1767790 - there are exceptions "rescue in type_cast" in logs in global and remote region appliances
1767791 - Chargeback reports not working
1767796 - Add support for VM conversion host in RHV
1767809 - UI crashes when going to Details of Azure Network Port somehow associated to Load Balancers
1767810 - Traceback when clicking on Overview > Chargeback > Reports
1767811 - [RHV] Last Boot Time is "N/A" for VM if you shutdown guest
1767818 - [Regression] top_output.log only showing ruby and not the process names
1767819 - unable to remove duplicate guest devices due to memory
1767821 - [RFE] Remove list view button on my service sui page if there is no use of it
1767823 - [RFE] Generic Object builder tab cycle missing the add (commit) remove buttons
1767824 - multiple workers start the same retirement when retirement date is reached
1767833 - [UI] Erroneous behavior of spinner and spinner box in advanced search loading
1767834 - Refresh of OpenShift provider in CloudForms happen to panic apiserver
1767835 - Changing groups with a user assigned to multiple groups logs out of appliance
1767836 - Choice in Drop Down that References Category (Tag Control Item) is Incorrect
1767837 - [RFE] Automating the generation of widget content Via RESTAPI
1767880 - evm.log is full of error messages "cannot obtain exclusive access to locked queue"
1767881 - Host creds validation fails if host's ssh key has changed before
1767885 - [RFE] VMware guests are incorrectly marked as linked_clone true, remove attribute
1767886 - [RFE] custom service catalog icons being deleted are not actually deleted
1767895 - [NoMethodError]: undefined method `path' for nil:NilClass Method:[block (2 levels) in ] during scheduled NFS backup
1767896 - Lifecycle retirement fails for user that no longer has groups
1767901 - [RFE] automate method to delete a tag from a category
1768456 - Date picker takes a date previous to what is selected in the dialog
1768517 - [RFE] validate infra mappings
1768520 - [v2v] Ordering a migration plan, that contains MIGRATED VM/s, fails with an unclear error message.
1768525 - Remove Automate code for TransformationHost
1768530 - Add conversion host validation for config params
1768576 - Sporadic 404 Error when deleting custom button on generic object class
1768638 - [RFE] Import/export schedules to replicate on other sites
1771298 - CVE-2019-16892 cfme: rubygem-rubyzip denial of service via crafted ZIP file
1771737 - ping endpoint fails with "Error caught: [ActionView::MissingTemplate] Missing template ping/index"
1773666 - [RFE] Custom button: generic class level button deletion not showing a specific flash message
1773667 - Incorrect flash when custom button under generic object class is deleted
1775684 - Need the ability to configure the appliance for SAML using the appliance console CLI.

6. Package List:

CloudForms Management Engine 5.11:

Source:
cfme-5.11.1.2-1.el8cf.src.rpm
cfme-amazon-smartstate-5.11.1.2-1.el8cf.src.rpm
cfme-appliance-5.11.1.2-1.el8cf.src.rpm
cfme-gemset-5.11.1.2-1.el8cf.src.rpm
ovirt-ansible-hosted-engine-setup-1.0.28-1.el8ev.src.rpm
v2v-conversion-host-1.15.0-1.el8ev.src.rpm

noarch:
ovirt-ansible-hosted-engine-setup-1.0.28-1.el8ev.noarch.rpm
v2v-conversion-host-ansible-1.15.0-1.el8ev.noarch.rpm

x86_64:
cfme-5.11.1.2-1.el8cf.x86_64.rpm
cfme-amazon-smartstate-5.11.1.2-1.el8cf.x86_64.rpm
cfme-appliance-5.11.1.2-1.el8cf.x86_64.rpm
cfme-appliance-common-5.11.1.2-1.el8cf.x86_64.rpm
cfme-appliance-tools-5.11.1.2-1.el8cf.x86_64.rpm
cfme-gemset-5.11.1.2-1.el8cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-16892
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: CloudForms 4.7.9 security, bug fix and enhancement update
Advisory ID:       RHSA-2019:2587-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2587
Issue date:        2019-09-05
Cross references:  RHSA-2019:2466
CVE Names:         CVE-2018-10854 CVE-2019-11358
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.10 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* cloudforms: stored cross-site scripting in Name field (CVE-2018-10854)

* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1590538 - CVE-2018-10854 cloudforms: stored cross-site scripting in Name field
1677580 - Bump oVirt Ansible roles included in the Appliance to latest released
1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection
1733376 - Custom Button: button with dialog on Container Provider after execution lands on Infrastructure Providers page
1737123 - Cloud Intel > Reports not accessible with 503 service unavailable
1737618 - Cloud volumes are missing on Relationships of cloud provider summary view
1738266 - Child tenant users unable to load 'Compute > Infrastructure > Virtual Machines > VMs'
1740227 - Unexpected error while performing operations on vm listed under cluster
1740228 - subscriptions disappear after saving changes
1740229 - Validation failed: MiqSchedule: Name has already been taken
1740230 - Cloud Tenant Placement is ignored in Add New Network Router for OpenStack Network Manager
1740767 - Targeted refresh does not occur for openstack
1740769 - Title of the ansible playbook method's edit page is incorrect
1740844 - Refresh of a dynamic field will hang if the name of the field contains word “password”
1741634 - [RFE] - OpenStack provider is incorrectly listing all the key pairs
1741635 - Unable to view AWS keypair list as tenant_administrator
1741944 - Custom Button:button with dialog on storage manager after execution lands on wrong page
1741945 - Custom Button: button with dialog on Network Manager after execution lands on Infrastructure Providers page
1743266 - Fatal error Couldn't find Service with id for DRO button

6. Package List:

CloudForms Management Engine 5.10:

Source:
cfme-5.10.9.1-1.el7cf.src.rpm
cfme-amazon-smartstate-5.10.9.1-1.el7cf.src.rpm
cfme-appliance-5.10.9.1-1.el7cf.src.rpm
cfme-gemset-5.10.9.1-1.el7cf.src.rpm
ovirt-ansible-hosted-engine-setup-1.0.23-1.el7ev.src.rpm
ovirt-ansible-roles-1.1.7-1.el7ev.src.rpm
ovirt-ansible-vm-infra-1.1.19-1.el7ev.src.rpm
v2v-conversion-host-1.14.2-1.el7ev.src.rpm

noarch:
ovirt-ansible-hosted-engine-setup-1.0.23-1.el7ev.noarch.rpm
ovirt-ansible-roles-1.1.7-1.el7ev.noarch.rpm
ovirt-ansible-vm-infra-1.1.19-1.el7ev.noarch.rpm
v2v-conversion-host-ansible-1.14.2-1.el7ev.noarch.rpm
v2v-conversion-host-wrapper-1.14.2-1.el7ev.noarch.rpm

x86_64:
ansible-tower-3.5.2-1.el7at.x86_64.rpm
ansible-tower-server-3.5.2-1.el7at.x86_64.rpm
ansible-tower-setup-3.5.2-1.el7at.x86_64.rpm
ansible-tower-ui-3.5.2-1.el7at.x86_64.rpm
ansible-tower-venv-ansible-3.5.2-1.el7at.x86_64.rpm
ansible-tower-venv-tower-3.5.2-1.el7at.x86_64.rpm
cfme-5.10.9.1-1.el7cf.x86_64.rpm
cfme-amazon-smartstate-5.10.9.1-1.el7cf.x86_64.rpm
cfme-appliance-5.10.9.1-1.el7cf.x86_64.rpm
cfme-appliance-common-5.10.9.1-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.10.9.1-1.el7cf.x86_64.rpm
cfme-appliance-tools-5.10.9.1-1.el7cf.x86_64.rpm
cfme-debuginfo-5.10.9.1-1.el7cf.x86_64.rpm
cfme-gemset-5.10.9.1-1.el7cf.x86_64.rpm
cfme-gemset-debuginfo-5.10.9.1-1.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-10854
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: CloudForms 4.7.8 security, bug fix and enhancement update
Advisory ID:       RHSA-2019:2466-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2466
Issue date:        2019-08-13
Cross references:  RHSA-2019:1833
CVE Names:         CVE-2019-10159
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.10 - x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* cfme-gemset: Improper authorization in migration log controller allows any user to access VM migration logs (CVE-2019-10159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements.
Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1703461 - Amazon EC2 missing regions in CloudForms UI
1703474 - [RFE] Add m5a, r5a and t3a instance types to CFME
1718080 - CVE-2019-10159 cfme: Improper authorization in migration log controller allows any user to access VM migration logs
1723833 - retiring two services at the same time leads to only the vms of the first service being retired
1726313 - When trying to assign a tag to a VM you are logged out of Cloudforms
1727443 - Building the services tree takes too long when having 1000+ services
1728270 - appliance_console: After configuring the "Logfile Configuration" and then running "Harden Appliance Using SCAP Configuration", the old filesystem is not removed from fstab
1728403 - Cannot create database in appliance_console in ec2 env with newer instance types(t3,c5,c5d,m5d)
1728706 - Different User is Being Shown as the Requester for a Lifecycle Provision in Automation Log
1728707 - Add AWS GovCloud(Us-East) to disabled_regions by default
1728708 - [RFE] Add m5ad, m5.metal, md5.metal, r5.metal, r5ad, r5d.metal and z1d.metal AWS instance types to CFME
1728889 - Cannot retire service which has a VM that has been retired first
1731157 - api permissions to create a picture not granted unless all permissions granted
1731237 - RHV provider is recreating guest_devices on every refresh
1731977 - Default service dialog values not included in EVM when 'refresh_dialog_fields' action invoked
1731991 - Submit button is disabled when DatePicker and TimePicker fields set as required in dialog
1731992 - Custom button: on Container Volumes with dialog not working
1732117 - service template update with REST API result undefined method `key?' for nil:NilClass
1732156 - RHT branding correction
1733290 - [logo change request] Time for new logo in SSUI favicon
1733375 - attempting to copy and save a service dialog with the same name results in dialog fields being duplicated
1734122 - The ' Apply ' button doesn't work for Advance Filters in CloudForms

6. Package List:

CloudForms Management Engine 5.10:

Source:
cfme-5.10.8.0-1.el7cf.src.rpm
cfme-amazon-smartstate-5.10.8.0-1.el7cf.src.rpm
cfme-appliance-5.10.8.0-1.el7cf.src.rpm
cfme-gemset-5.10.8.0-1.el7cf.src.rpm
rubygem-nokogiri-1.8.5-1.el7cf.src.rpm

x86_64:
ansible-tower-3.5.1-1.el7at.x86_64.rpm
ansible-tower-server-3.5.1-1.el7at.x86_64.rpm
ansible-tower-setup-3.5.1-1.el7at.x86_64.rpm
ansible-tower-ui-3.5.1-1.el7at.x86_64.rpm
ansible-tower-venv-ansible-3.5.1-1.el7at.x86_64.rpm
ansible-tower-venv-tower-3.5.1-1.el7at.x86_64.rpm
cfme-5.10.8.0-1.el7cf.x86_64.rpm
cfme-amazon-smartstate-5.10.8.0-1.el7cf.x86_64.rpm
cfme-appliance-5.10.8.0-1.el7cf.x86_64.rpm
cfme-appliance-common-5.10.8.0-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.10.8.0-1.el7cf.x86_64.rpm
cfme-appliance-tools-5.10.8.0-1.el7cf.x86_64.rpm
cfme-debuginfo-5.10.8.0-1.el7cf.x86_64.rpm
cfme-gemset-5.10.8.0-1.el7cf.x86_64.rpm
cfme-gemset-debuginfo-5.10.8.0-1.el7cf.x86_64.rpm
rubygem-nokogiri-1.8.5-1.el7cf.x86_64.rpm
rubygem-nokogiri-debuginfo-1.8.5-1.el7cf.x86_64.rpm
rubygem-nokogiri-doc-1.8.5-1.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10159
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

-- RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: CloudForms 4.7.5 security, bug fix and enhancement update
Advisory ID: RHSA-2019:1429-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1429
Issue date: 2019-06-11
Cross references: RHBA-2019:1247
CVE Names: CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.10 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)
* rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320)
* rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)
* rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)
* rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)
* rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1669023 - Network-> Providers fails to refresh RHV Provider Network Manager with error Network-> Providers fails to refresh RHV Provider Network Manager with error
1692512 - CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar
1692514 - CVE-2019-8321 rubygems: Escape sequence injection vulnerability in verbose
1692516 - CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
1692519 - CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution
1692522 - CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
1703104 - [v2v] [RFE] Enable the Conversion Hosts settings page and wizard in the UI
1710497 - Issues found when modifying roles assigned to buttons
1710578 - Dynamic Field becomes blank on clicking on Refresh button in Service dialog
1710606 - evm.object['value '] can not be used in other field
1710608 - refresh methods are unable to populate textarea fields with yaml content
1710610 - Dialog passing nil value even though value is set
1710998 - Assigned filters don't work if datastore is deleted which has the filter assigned and it shows every cluster regardless of the assignment
1711031 - [v2v] [RFE] Add ability to download Conversion Host enablement playbook log from UI
1711032 - [RFE] Filter out ISO and Export storage domains for RHV Infra Mapping wiizard
1711033 - [v2v] [RFE] Add info popover to VDDK Library Path field in Configure Conversion Host wizard
1711034 - [v2v][RFE] Completed Migration plans cannot be ordered by execution order
1711035 - Extra variables are not passed properly to ansible when configuring conversion host
1711036 - [V2V][OSP] End to end migration not able to proceed with false "no conversion host was configured" error
1711283 - infinispinner on selecting/deselecting search filter in vms/instances view
1711285 - [V2V][OSP] Can not detect if conversion instance is enabled/added on OSP project in infra map
1711957 - [RHV 4.3] IP Address Not Always Being Displayed in CFME
1711981 - Unable to view service tree hierarchy
1712135 - [V2V][RHV][VDDK][SSH] Migration failing with 'rescue in run_conversion' error in automation
1712440 - Cannot create a group after validation message 'Description is not unique'
1712595 - VM Provisioning Timeout - EMS needs manual refresh to see 'new' VMs
1713477 - service bundle retirement requests that hit an error cannot be attempted again due to way the state is handled
1713731 - [V2v][UI] 'Configure' button of authenticate modal from conversion host UI need to be responsive on 'verify TLS' bootstrap switch
1713732 - [V2V][UI] Wrap migration details page's popover appropriately on errors
1717500 - After upgrade the dynamically popullated "text area" fields pass null to ansible tower templates.
1717501 - Values from a dialog element populated from a dynamic method are not always passed to service or button method.

6. Package List:

CloudForms Management Engine 5.10:

Source:
cfme-5.10.5.1-1.el7cf.src.rpm
cfme-amazon-smartstate-5.10.5.1-1.el7cf.src.rpm
cfme-appliance-5.10.5.1-1.el7cf.src.rpm
cfme-gemset-5.10.5.1-1.el7cf.src.rpm
ruby-2.4.6-91.el7cf.src.rpm

noarch:
ruby-doc-2.4.6-91.el7cf.noarch.rpm
ruby-irb-2.4.6-91.el7cf.noarch.rpm
rubygem-minitest-5.10.1-91.el7cf.noarch.rpm
rubygem-power_assert-0.4.1-91.el7cf.noarch.rpm
rubygem-rake-12.0.0-91.el7cf.noarch.rpm
rubygem-rdoc-5.0.0-91.el7cf.noarch.rpm
rubygem-test-unit-3.2.3-91.el7cf.noarch.rpm
rubygem-xmlrpc-0.2.1-91.el7cf.noarch.rpm
rubygems-2.6.14.4-91.el7cf.noarch.rpm
rubygems-devel-2.6.14.4-91.el7cf.noarch.rpm

x86_64:
cfme-5.10.5.1-1.el7cf.x86_64.rpm
cfme-amazon-smartstate-5.10.5.1-1.el7cf.x86_64.rpm
cfme-appliance-5.10.5.1-1.el7cf.x86_64.rpm
cfme-appliance-common-5.10.5.1-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.10.5.1-1.el7cf.x86_64.rpm
cfme-appliance-tools-5.10.5.1-1.el7cf.x86_64.rpm
cfme-debuginfo-5.10.5.1-1.el7cf.x86_64.rpm
cfme-gemset-5.10.5.1-1.el7cf.x86_64.rpm
cfme-gemset-debuginfo-5.10.5.1-1.el7cf.x86_64.rpm
ruby-2.4.6-91.el7cf.x86_64.rpm
ruby-debuginfo-2.4.6-91.el7cf.x86_64.rpm
ruby-devel-2.4.6-91.el7cf.x86_64.rpm
ruby-libs-2.4.6-91.el7cf.x86_64.rpm
rubygem-bigdecimal-1.3.2-91.el7cf.x86_64.rpm
rubygem-did_you_mean-1.1.0-91.el7cf.x86_64.rpm
rubygem-io-console-0.4.6-91.el7cf.x86_64.rpm
rubygem-net-telnet-0.1.1-91.el7cf.x86_64.rpm
rubygem-openssl-2.0.9-91.el7cf.x86_64.rpm
rubygem-psych-2.2.2-91.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-8320
https://access.redhat.com/security/cve/CVE-2019-8321
https://access.redhat.com/security/cve/CVE-2019-8322
https://access.redhat.com/security/cve/CVE-2019-8323
https://access.redhat.com/security/cve/CVE-2019-8324
https://access.redhat.com/security/cve/CVE-2019-8325
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.

-- RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: CloudForms 4.6.9 security, bug fix and enhancement update
Advisory ID: RHSA-2019:1289-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1289
Issue date: 2019-05-29
Cross references: RHSA-2019:0600
CVE Names: CVE-2019-5418 CVE-2019-5419
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.9 - x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* rubygem-actionpack: render file directory traversal in Action View (CVE-2019-5418)
* rubygem-actionpack: denial of service vulnerability in Action View (CVE-2019-5419)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1688871 - Unable to see dialog details passed to catalog after upgrade from 5.9.4 to 5.9.6
1689159 - CVE-2019-5418 rubygem-actionpack: render file directory traversal in Action View
1689160 - CVE-2019-5419 rubygem-actionpack: denial of service vulnerability in Action View
1695655 - [RFE] Metrics for memory usage of AWS instances needs to be collected from CloudWatch new Agent
1696363 - Different syntax by Service Request in Master region
1704340 - OpenStack Snapshot Image Doesn't Inherit the Same Cloud Tenant as the Instance

6. Package List:

CloudForms Management Engine 5.9:

Source:
cfme-5.9.9.3-1.el7cf.src.rpm
cfme-amazon-smartstate-5.9.9.3-1.el7cf.src.rpm
cfme-appliance-5.9.9.3-1.el7cf.src.rpm
cfme-gemset-5.9.9.3-1.el7cf.src.rpm

x86_64:
cfme-5.9.9.3-1.el7cf.x86_64.rpm
cfme-amazon-smartstate-5.9.9.3-1.el7cf.x86_64.rpm
cfme-appliance-5.9.9.3-1.el7cf.x86_64.rpm
cfme-appliance-common-5.9.9.3-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.9.9.3-1.el7cf.x86_64.rpm
cfme-appliance-tools-5.9.9.3-1.el7cf.x86_64.rpm
cfme-debuginfo-5.9.9.3-1.el7cf.x86_64.rpm
cfme-gemset-5.9.9.3-1.el7cf.x86_64.rpm
cfme-gemset-debuginfo-5.9.9.3-1.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-5418
https://access.redhat.com/security/cve/CVE-2019-5419
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.

-- RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis: Important: CloudForms 4.6.2 bug fix and enhancement update
Advisory ID: RHSA-2018:1328-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1328
Issue date: 2018-05-07
Cross references: RHBA-2018:0556
CVE Names: CVE-2018-1101 CVE-2018-1104 CVE-2018-7750
====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.9 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)
* ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges (CVE-2018-1101)

Red Hat would like to thank Graham Mainwaring of Red Hat for reporting CVE-2018-1101.
* ansible-tower: Remote code execution by users with access to define variables in job templates (CVE-2018-1104)

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1495849 - [ALL_LANG] VM or Template comparison screen has untranslated entries.
1510499 - With RHV Graph refresh template numbers in Provider inventory does not get updated correctly.
1526086 - [ALL_LANG] Compute - Containers - Container Builds page has missing translations
1526088 - [ALL_LANG] Compute - Containers - Pods page has missing translations
1530680 - xClarity: EvmRole-operator unable to view physical server summary page
1530760 - [ALL_LANG] Control - Explorer - Policy Profiles - All Policy Profiles : 'Policy' is not localized
1533220 - [ALL_LANG] Control - Explorer - Actions - All Actions - Configure - Add a new Action : 'Action Type' drop-down menu has untranslated entries
1533233 - On Tag Assignment page Category has other Tags than preconfigured for it
1533515 - [ALL_LANG] User Icon - Configuration - Access Control - Roles : Add new Role has untranslated entries
1538094 - [ALL_LANG] User Icon - Tasks : untranslated entry
1538100 - [ALL_LANG] User Icon - Configuration - Settings - CFME Region: Region xx[xx] has untranslated entry
1549625 - webui updates failing when a proxy is required
1549722 - WebUI: Tool tip displays html code while setting the ownership for multiple vm's
1550728 - Replication configuration page does not open when child database is down
1550730 - [Ansible Embedded] - Embedded Ansible cannot be enabled on IPv6 only appliance
1550736 - unable to view quotas without manage quota permissoin being enabled in 5.8.2
1551692 - internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
1551696 - Colons are unhandled in BaseModel key generation in AzureArmrest
1551698 - Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
1551703 - RHOS: Unable to delete cloud tenant
1552266 - Duplicated choice exist in new alerts view
1552269 - Network router type string contains ManageIQ path
1552278 - Authentication issue for checking status of Task API via EvmRole_administrator privileged User
1552282 - [RFE] Make Automation State Machine Log Lines Uniform
1552288 - [RFE] Metrics for memory usage of AWS instances is missing from C&U
1552290 - AWS Smartstate Does Not Fail Gracefully if AMI To run Analysis Agent is Unavailable
1552301 - Azure Template to service Dialog conversion issue
1552303 - [Azure]Provision Multiple VMs with Public IP selection options
1552305 - GCE Region is useless in GCE Provider
1552323 - xClarity: server-host relationship to hosts managed by RHEV-M provider not created.
1552334 - Nuage provider name is always displayed as " Network Manager" on GUI
1552335 - EventCatcher is not restarted when Nuage provider is updated
1552671 - [RFE][XS-2] Add possibility to unregister a VM in RHV provider
1552673 - Cloudforms doesn't show IP of vms on vCloud provider
1552677 - VM does not have deletion event on its own timeline on vsphere55
1552704 - Default Docker Labels for Labeled Images in Chargeback Assignments
1552707 - Wrong error displayed when trying to add a group without a name
1552723 - Can't Manage Report Menu Accordions and Folders
1552735 - Filters not working properly in config mgmt configured systems
1552737 - UI: Broken bootstrapswitch design in custom button option of generic object
1552739 - [RFE] Expose Infra provider networks (RHOS) in host/node details
1552740 - [ALL_LANG]User Icon - Configuration - Settings - Schedules : Add a new Schedule page has untranslated entries
1552741 - Can't remove multiple instances or methods in UI.
1552743 - ui: Tabs switched When changing the System/Process type on add new button page
1552746 - typo in provider summary page: metrics type Hakular --> Hawkular
1552748 - [Embedded Ansible] Notification typo
1552753 - CFME Log lines in Diagnostics are divided into multiple lines
1552762 - Error when applying a filter in My Services from Adv search
1552763 - Remove Chargeback Rates field for Metering reports
1552776 - Auth MIQLDAP AD - miqldap_to_sssd conversion fails for ldap.
1552782 - Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
1552783 - Unable to add playbook repos after webui update
1552785 - Auth MIQLDAP AD - Users can't log in to console after miqldap_to_sssd conversion
1552790 - Validating credentials for replication throws error if pglogical schema not created
1552791 - miqldap_to_sssd help message is incorrect
1552792 - Auth External Auth SAML - Users with custom groups with special chars can't log in.
1552794 - A control alert for real time performance of a VM and Instance is not firing
1552796 - [RFE] Chargeback reports for OpenStack tenants
1552798 - [Providers] - Instances not linked after provider removal/addition
1552800 - Retirement requester is not passed down correctly to automate
1552801 - RBAC doesn't work for notifications
1552802 - No notification for failed registration
1552804 - configure_server_settings.rb changes numeric values to strings, causing failures when other code is expecting integers
1552809 - [RFE] Support RestAPI Primary Collection for Containers (object)
1552817 - SUI doesn't display costs for SCVMM services
1552824 - Can Add Duplicate Custom Attributes on OpenShift Provider Via the API
1552826 - internal server error when cloud_networks, cloud_subnets or security_groups subcolls requested on RHEVM
1552828 - internal server error when accessing attributes of the "picture" resource
1552838 - Targeted folder refresh doesn't work on VMware
1552842 - Customize vApp template prior provisioning (VMware vCloud Provider)
1552873 - RBAC Users can be removed from all associated groups after the webui shows the error "A User must be assigned to a Group"
1552879 - Tagging broken in Datastores and My Services page
1552880 - [RFE] There is no any indication in replication subscription screen for not accessible remote node
1552882 - The quad-icon tile for an OpenShift provider shows an exclamation mark, but a mouseover shows "Refresh Status: Success"
1552884 - Cursor on password field instead of username when we enter incorrect login details
1552886 - Unwanted comma in disk type string for Azure instances
1552889 - containers: identical volume name for different volumes in different pods is not useful for users (at least not admin)
1552890 - Tagging: Edit tags page doesn't open for network list items navigated through parent details page
1552895 - Error updating Nuage provider
1552900 - Title does not update when searching text in Datastores and other pages
1552903 - Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
1552904 - The accordion folds after adding a schedule
1552908 - Add button is not responsive on Role add page
1553191 - Timelines: Throws an error while trying to access Cloud Intel/Timelines
1553197 - Configuration -> Red Hat Updates tab does not list all required repositories
1553214 - JavaScript-UI: Wrong behavior of `display on button` checkbox while editing custom group form
1553224 - Set Ownership can not be changed back to default
1553241 - Container add provider empty flash message when not catch UI exception
1553242 - Tag: All Catalog Items are listed in resource dropdown while creating Catalog Bundle using restricted user
1553243 - Save button isn't activated when date is removed in VM "Set/Remove retirement date"
1553244 - [QEDevCollab] Components in 'Add buttongroup' form causing test automation failures
1553251 - Chargeback Rates page title incorrect after deleting rate
1553288 - Flash message icon is not correct Bottlenecks page
1553295 - Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
1553304 - Evacuate Host failed
1553307 - Undefined method `vmm_version' for nil:NilClass on VM summary screen
1553309 - [RFE] Generic objects not displayed
1553311 - Wrong 'Fixed IPs' font size while adding a router with external gateway
1553315 - C & U Collection settings in configuration page improper styling
1553316 - On schedules pages is shown pagination from analysis profiles
1553317 - Broken footer in alerts
1553319 - [RFE][S-3] UI displays disabled domains for a instance's domain priority
1553322 - audit.log should not contain translated messages
1553323 - Adding Interface to Router with user in Tenant show all Subnets and not only the Tenant's Subnet
1553326 - Switch icon is missed on tag assignment page
1553327 - Stack Outputs icon is not displayed
1553329 - Using webmks console one cannot type correctly the password when it contains special characters
1553336 - Default view settings fails for service catalogs
1553340 - [CONDITION] When we leave description blank, there are two identical flash messages.
1553345 - Openstack infra provider dashboard should not appear for an openstack infra provider
1553362 - Add miqssh utilities
1553384 - [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
1553389 - VMware vCloud Provider's VM is only partially stopped/suspended
1553392 - EvmRole-auditor can perform actions on VM
1553393 - [RFE] Add RBAC and Tagging Support to Ansible Credentials.
1553396 - [RFE] Add RBAC and Tagging Support to Ansible Repos
1553397 - Error while checking that migrations are up to date
1553399 - Normalize text for operational alerts
1553480 - SUI : Clicking any link on dashboard does not change the navigation in left side
1553482 - Kebab menu appearing differently on service page and resource detail pages
1553483 - Kebab menu changes structure after 30 seconds in SSUI resource detail page
1553768 - [RFE] Add RBAC and Tagging Support to Ansible Playbooks
1553776 - Role inconsistency with privileges when creating reports and setting chargeback filters
1553779 - Restricted user can see all group and users
1553780 - notifications do not get cleared from the notification table
1553789 - Unable to add tag for configuration provider from 'All Rad Hat Satellites Providers'
1553791 - xClarity: Physical server summary page download as PDF button not supported
1553836 - Visibility expression does not evaluated correctly on custom buttons for Generic Object
1553873 - Missing Datastore Images
1553903 - [Regression] Backup/restore failing on appliances using pglogical
1554358 - Graph refresh should not be used for rhv36 providers
1554370 - Wrong breadcrumb link on order screen
1554454 - Adding a physical provider shows as infrastructure provider (text change)
1554532 - Schedule report fails to send mail when report is not empty
1554541 - Long time to refresh network provider on OpenStack
1554823 - Infinite spinner on Edit Playbook Reset button
1554825 - NTP server details doesn't show in UI after adding a new zone
1554832 - Automatic placement causes cloud tenant to not be selectable
1554839 - Policy simulation results are not displayed
1554889 - OpenStack Cinder Storage provider detail does not have link to Volume Backups
1554898 - when deleting an archived node using configure > remove a unknown method error is raised
1554901 - Missing Guest OS in dashboard reports in Openstack
1557130 - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
1557353 - Adding a network router via CloudForms the router is not seen by CloudForms
1557361 - [RFE][XS-2]Cloudforms does not show node hostname, only GUID for OpenStack Infrastructure Provider
1557367 - Request not required when adding Schedule
1557378 - [UI] There is no indication of cloud network delete operation
1557380 - Tagging: Edit tags page doesn't open for images opened from provider summary page
1557388 - Inconsistent capitalization of 'CPU' when creating chargeback rate
1557391 - Physical Infrastructure provider quadicons doesn't support single view
1557400 - Physical server quadicon switch under My Settings doesn't respect RBAC rules
1558030 - internal server error when accessing the "policy_events" attribute of the "vms" resource
1558038 - AWS flavor list is out of date
1558040 - Not able to scan instances in AWS
1558046 - OpenStack - Include Provider Error Message in MiqProvisionFailure
1558048 - Provision fails if no Subnet assigned not Cloud Network
1558078 - [RFE][M-5] Targeted Refresh for Azure Provider
1558092 - Dropdown to delete a "not responding" server is missing
1558142 - Network provider quadicons doesn't support single view
1558144 - UI inconsistency - Size Unit title missing when adding a new disk
1558544 - Creating buttons under the Datastore objects do not appear on Datastore Details Pages
1558594 - No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
1558610 - Images from the webmks css causes CSP errors in browser console
1558621 - RedHat domain can be edited/deleted
1558626 - PG::InvalidTableDefinition: ERROR: cannot alter inherited column "resource_type
1559475 - CUI returning empty array when dialog without associations is saved
1559479 - [RFE] Add RHV Credential to Ansible Automation Inside
1559483 - CUI doesn't check dialog field associations
1559543 - [RFE] Metering Reports should provide Hours of Existence & Start and end time of VMs, Projects and Images
1559544 - [RFE] Collect Container Project Quota Historical data in Project Roll-up
1559550 - Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
1559552 - Api::ServiceCatalogsController timeout error in multi-regional environment
1559609 - Amazon agent deployment has to choose the VPC which has attached gateway configuration
1559624 - Graph refresh does not fetch custom attributes
1560004 - [RFE] SCVMM provider refresh error message issue if provider user doesn't have access to VMM service
1560096 - Error occurs when trying to edit a catalog item
1560098 - Outgoing SMTP E-mail Server settings not saved on first attempt
1560100 - Total matches of Ems Cluster roles showing wrong count
1560104 - Automate Schedule: "Starting time" field saves nonsense.
1560692 - Stop CF pestering OpenStack for Swift status when there is no Swift.
1560699 - Consolidated RefreshWorkers may cause job starvation
1560703 - Refresh is broken for ec2 when get_public_images is set to true
1560708 - My Company(All EVM Groups) filter missing from reports schedule
1561076 - Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
1561079 - [Regression]Error with report policy event for the last 7 days
1561085 - [RFE] Azure Network router not displayed on CFMe
1561091 - List view displayed instead of grid on Manage Policies screen
1561096 - Default selected tag name / value mismatch when assigning tags
1561107 - ERROR -- : AnsibleTowerClient::Middleware::RaiseTowerError Response Body: {"detail"=> ["'username' is not a valid field for Vault"]}
1561216 - Failure to refresh on OpenStack provider when Fog::Storage::OpenStack::File object has nil body attribute
1561218 - [RHV] PXE provision with Network "use template nics" fail on creating VM
1561222 - ping feature inconsistent with webui ping when database connectivity is lost
1562075 - Duplicate values are shown in dialog dropdown.
1562235 - Nics are Provisioned out of Order for VMware Service Provision 1562772 - tenant source_id compromisation after changing provider credentials 1562777 - Approval permissions are not followed between different groups 1562779 - Cannot create service template using the API 1562780 - [SCVMM]Extract Running Processes completed Task List does not inform about Warnings. 1562782 - A state machine's on_exit method runs before the main method if the main method is an embedded Ansible playbook 1562785 - Refresh failed after performingvm_reconfiguration_task 1562788 - [Regression] RHV provider discovery doesn't work 1562791 - Database Replication broken for current and new regions 1562797 - CFME - usage of non standard special characters (e.g. accents) in password causes user is not able to login 1562800 - Schedule Operation: Cannot create schedule, "Add" button is not active 1562803 - [RFE] CFME, add Ansible GIT repository custom SSH port option 1562811 - No Advanced Search in Volume Snapshots/Backups 1563268 - CloudForms appliance is ignoring azure proxy settings in advanced tab. 
1563351 - Nuage provider is unable to refresh inventory when subnets are missing gateway address 1563358 - Nuage Networks provider does not handle empty AMQP details 1563359 - Nuage Provider doesn't capture Alarms 1563361 - Nuage provider's event catcher yields "Too many open files" after 9 hours1563363 - VMware vCloud Provider's inventoring fails because of bug in Disk parsing 1563364 - Support console access for VMware vCloud Provider's VMs 1563492 - CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges 1563731 - in the conditions screen you see "Container Node" on the left but "Node" on the right 1563740 - ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine 1565139 - Some expression method definitions can fail with " " in a dialog and a stack trace in evm.log 1565140 - Embedded Ansible job_status .out files are not processed by logrotate 1565142 - Nuage Provider uses qpid_proton gem version without heartbeating 1565147 - Unable to create Cloud Network due to undefined method 1565148 - Service gets submitted even if dialog does not passes validation 1565151 - Regression Custom Button Dialog Not Displaying Submit or Cancel Button 1565156 - Unable to see realtime data from OpenShift in CloudForms UI 1565160 - Ansible playbook credentials always show default value in SUI 1565167 - openstack provisioning instance fail on checkprovisioned 1565232 - OpenStack with badcredentials shows timeout 1565677 - Container reports take too much time to generate 1565686 - VMware vCloud Provider credential validation fails 1565756 - Remove specific EVM server from zone 1565862 - CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates 1566255 - DRb 'close' error for closed connection 1566526 - Reporting worker exceeding threshold for default report tied to custom widget 1566529 - Smartstate Analysis Schedule Fails for OpenShift 3.7 Container 
Images 1566530 - Report for Storage Capacity Field Generating Error Cannot Convert Hash to Float 1566541 - [RFE] Target Refresh support for OpenStack Block Storage Manager 1566557 - [Regression] Infra provider discovery doesn't work 1566562 - RHSM failing to register with proxy settings 1566563 - Cloudforms present blank page for backup volumes 1566568 - Appliances Missing from Global Region are showing a Zone ID of a Local Region 1566572 - ERROR ASCII-8BIT to UTF-8","klass":"Encoding::UndefinedConversionError"}} 1566577 - [AZURE]Filter list of available Public IPs 1566658 - [PRD][RFE] Ansible Next Gen - Playbook Seeding 1567278 - xClarity: Error while execute the second refresh cycle 1567962 - VMware vCloud Provider's VMs cannot revert from snapshot 1568023 - [Embedded Ansible] Standard Output throws error if Hostname has Non-ASCII Characters1568091 - Catalog Item with Tag Control element cannot be ordered 1568156 - Not able to import certain dialogs because of tag Id 1568158 - User Interface does not come up after reboot 1568162 - DRO Service mapping to DRO instance incorrect 1568467 - Cannot put special characters in proxy password in Advanced Config 1568473 - Saving a service dialog with a multi-select drop-down populated by expression method gives a 500 internal server error 1568550 - CFME: OpenSCAP evaluation report target machine does not show container image name 1568559 - Deployment template validation failed 1568602 - Git repo automate datastore refresh timing out upon credentialchange 1569099 - Orphaned and Archived VMs displayed in running vms filter 1569103 - Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances 1569113 - Apache Reloaded twice with logrotate 1569177 - ERROR : 404 when trying to set the retirement date of the service 1569236 - [UI] - ManageIQ string in PDF summary file for flavors1569472 - In dynamic dropdown list, the default value contains ALL the values of the list 1569551 - Auto-refresh values take forever to load 
values in dropdown 1570118 - CloudForms 4.6 - filtering based on tags does not work for catalog items 1570821 - Unable to run ansible playbook method via Simulate 1570950 - Service and VM retirement are non-deterministic, running parallel 1570989 - Service Catalog Item Subtype not rendered in UI 1571310 - Unable to select storage manager from drop down list through classic UI 1571976 - Dynamic check box does not update in Classic UI 1571989 - droplist with large amount of items do not display a search field 1572711 - Automate Methods from Dynamic Dialog are being Run More than Designed / Expected 1572716 - Delay in rendering service dialog 1572718 - Provider Inventory worker vim.log fills up due to large log messages 1573215 - OpenStack Block Storage Manager Cinder does not refreshed 1573246 - Workload category for Tag Control element does not work 1573254 - auto_refresh being used instead of dialog field responders on later versions 1573539 - Dashboard widget is not providing exact content due to Type conversion Exception. 1573990 - in certain situations the refresh methods are called on every single refresh 6. 
Package List: CloudForms Management Engine5.9: Source: ansible-2.4.4.0-1.el7ae.src.rpm ansible-tower-3.2.4-1.el7at.src.rpm cfme-5.9.2.4-1.el7cf.src.rpm cfme-amazon-smartstate-5.9.2.4-1.el7cf.src.rpm cfme-appliance-5.9.2.4-1.el7cf.src.rpm cfme-gemset-5.9.2.4-1.el7cf.src.rpm dbus-api-service-1.0.1-3.el7cf.src.rpm httpd-configmap-generator-0.2.1-2.el7cf.src.rpm postgresql96-9.6.6-1PGDG.el7.src.rpm python-paramiko-2.1.1-4.el7.src.rpm rh-ruby23-rubygem-json-2.1.0-1.el7cf.src.rpm rh-ruby23-rubygem-qpid_proton-0.22.0-2.el7cf.src.rpm noarch: ansible-2.4.4.0-1.el7ae.noarch.rpm ansible-doc-2.4.4.0-1.el7ae.noarch.rpm python-paramiko-2.1.1-4.el7.noarch.rpm python-paramiko-doc-2.1.1-4.el7.noarch.rpm rh-ruby23-rubygem-qpid_proton-doc-0.22.0-2.el7cf.noarch.rpm x86_64: ansible-tower-3.2.4-1.el7at.x86_64.rpm ansible-tower-server-3.2.4-1.el7at.x86_64.rpm ansible-tower-setup-3.2.4-1.el7at.x86_64.rpm ansible-tower-ui-3.2.4-1.el7at.x86_64.rpm ansible-tower-venv-ansible-3.2.4-1.el7at.x86_64.rpm ansible-tower-venv-tower-3.2.4-1.el7at.x86_64.rpm cfme-5.9.2.4-1.el7cf.x86_64.rpm cfme-amazon-smartstate-5.9.2.4-1.el7cf.x86_64.rpm cfme-appliance-5.9.2.4-1.el7cf.x86_64.rpm cfme-appliance-common-5.9.2.4-1.el7cf.x86_64.rpm cfme-appliance-debuginfo-5.9.2.4-1.el7cf.x86_64.rpm cfme-appliance-tools-5.9.2.4-1.el7cf.x86_64.rpm cfme-debuginfo-5.9.2.4-1.el7cf.x86_64.rpm cfme-gemset-5.9.2.4-1.el7cf.x86_64.rpm cfme-gemset-debuginfo-5.9.2.4-1.el7cf.x86_64.rpm dbus-api-service-1.0.1-3.el7cf.x86_64.rpm httpd-configmap-generator-0.2.1-2.el7cf.x86_64.rpm postgresql96-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-contrib-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-debuginfo-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-devel-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-docs-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-libs-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-plperl-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-plpython-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-pltcl-9.6.6-1PGDG.el7.x86_64.rpm postgresql96-server-9.6.6-1PGDG.el7.x86_64.rpm 
postgresql96-test-9.6.6-1PGDG.el7.x86_64.rpm rh-ruby23-rubygem-json-2.1.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-json-debuginfo-2.1.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-json-doc-2.1.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-qpid_proton-0.22.0-2.el7cf.x86_64.rpm rh-ruby23-rubygem-qpid_proton-debuginfo-0.22.0-2.el7cf.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2018-1101 https://access.redhat.com/security/cve/CVE-2018-1104 https://access.redhat.com/security/cve/CVE-2018-7750 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa8LreXlSAg2UNWIIRAgpQAKCCPcTt0PIPd1xkHzaulPHP6rxO9wCZARu7 6dE6DBC1gk0rgt4Iu/H7uCg=7C4y -----END PGP SIGNATURE----- -- RHSA-announce mailing list