You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa CloudForms

Sigurnosni nedostatak programskog paketa CloudForms

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat CloudForms security, bug fix, and enhancement update
Advisory ID: RHSA-2018:0380-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0380
Issue date: 2018-03-01
CVE Names: CVE-2017-15125
=====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.9 – noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

Security Fix(es):

* A flaw was found in CloudForms in the self-service UI snapshot feature
where the name field is not properly sanitized for HTML and JavaScript
input. An attacker could use this flaw to execute a stored XSS attack on an
application administrator using CloudForms. Please note that CSP (Content
Security Policy) prevents exploitation of this XSS however not all browsers
support CSP. (CVE-2017-15125)

This issue was discovered by Yadnyawalk Tale (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update. After installing the updated packages, the
httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1253012 – [RFE] Custom button filtering mechanism needed
1334930 – [RFE] Customer asking how to delete host instance using automate
1335989 – Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
1339612 – Vmdb Last Start Time bad date
1341502 – Can’t collect logs to subfolder using anonymous ftp connection
1341867 – [RFE] SmartState Analysis for OpenStack instances booted from Cinder volume
1371222 – EC2 autorefresh works only for items associated to instance/image
1373076 – [RFE] Publish VM to a template
1375506 – [RFE] Charge volume types differently.
1379185 – [RFE] Allow to configure OpenSCAP CVE definitions URL
1389660 – [RFE] Extend custom buttons visibility criteria
1393038 – [RFE] Display System Default Timeout Value in Reports
1393655 – HTML character codes while accessing the vm/templates page under a folder which has ‘/’ in name
1393681 – Unsupported content type ‘menu’ ERROR in logs when generating Menu Widget for user
1395011 – ‘Monthly Host Count per Provider’ report should not contain public cloud providers
1395013 – ‘Monthly Host Count per Provider’ report should not contain Container providers
1395356 – [RFE] Targeted Refresh for Amazon VMs in via vm_object.refresh method
1395757 – [RFE] Cloud-Init Scripts in Google’s Compute Engine
1395782 – Trying to connect to VM console randomly fails on RHV environments
1396529 – [RFE] when selecting flavour in Instance Provisioning there are no information about the flavour and the name make it complex to undertand
1397247 – Getting Couldn’t find MiqTask Errors in evm.log
1398535 – UI: Text or check-box is misaligned on button summary page
1400064 – [RFE] Allow configuring the OpenShift proxy per provider in the UI
1401718 – Unfriendly error message when volumes quota exceeded
1402855 – [Azure] [SDN] – Network port names have long names
1402953 – [RFE] Call automate event ‘request_created’ for OpenStack instance ‘Reconfigure this instance’
1403184 – “uninitialized constant MiqException::MiqVolumeBackupCreateError” when creating backup for cloud volume
1403784 – [RFE] Separate Volumes list and Volume Backup list
1404346 – [Scale] Full refresh taking a lot of time for RHV provider
1404357 – Targeted refresh enhacements for VM import\rename\migration events.
1405369 – Satellite 6 provider can be added without https prefix but reprovisioning fails with 301 Permanently Moved without it
1408274 – [scale] – reduce the amount of API objects to single object.
1410183 – [RFE] Add Serial Number information in reports for RHV host hardware report
1411300 – [RFE] OVN switch visualization and control within ManageIQ
1411515 – [RFE] Ability to control which custom buttons / button groups get displayed on Instances/VMs
1415764 – [RFE] Cloud Network summary should display ems_ref
1416510 – [RFE] Report on Container Project Quota
1416903 – power operations using REST API on parent service has no effect
1417021 – [RFE] Cannot use AWS CloudFormation YAML Template
1417313 – Schema missing warnings in logs
1417320 – invalid href in response from custom attributes edit action
1418338 – inconsistency in actions available for resource when accessed through different collections
1419872 – Creating second snapshot for suspended VM throws error in evm.log
1420872 – entities under /api/notifications collection are missing “delete” action with “DELETE” method
1421878 – API request is not returning expected result for LDAP user
1422206 – [RFE] Hiding /masking environment variables in container explorer
1422422 – [RFE] Allow for retirement based on date and time or delay
1422580 – [RFE] Retirement should support date and time selection
1422596 – entities under provider custom_attributes don’t have “delete” action with “DELETE” method listed
1422671 – Seeding timeout when creating region in external database
1424794 – [RFE] add help Icon to Service Dialog Element to show description information
1424797 – [RFE] Help Menu are not customisable
1424804 – [RFE] In Service Dialog, Element Validation should run just after user enter Input and not when clicking submit button
1424808 – [RFE] In Service Dialog, Elements should remain Red until validation is met and then turn green
1424842 – Setting report menus via the API breaks report menus
1425153 – [RFE] – refuse to create the database on the same drive as the OS is installed onto
1427484 – Add ‘X’ option to enable closing the Notification window by it.
1427488 – On add new Provider/Host, the “Confirm Password” field is not actually required.
1428284 – [RFE] VMware VM Add Disk be able to specify controller type
1428438 – Removing Instances from the last page causes UI glitches
1428942 – [RFE] New Help Screen cannot be hidden/unhidden
1429014 – [RFE] Rename confusing button option
1429382 – remove Amazon provider discovery as an option
1430701 – Failure to fetch v2_key prevents relaunching appliance_console
1431370 – [RFE] Ability to select OpenStack External external network during the instance provisioning
1431815 – appliance_console_cli allows configuration that is not supported
1432578 – status 500 internal server error when invalid security group in provision request
1435773 – entities under /api/policies collection are missing “delete” action with “DELETE” method
1436846 – Unable to apply tag to Ansible Tower Providers
1437138 – containers: cannot edit a containers provider without hawkular
1437201 – attributes selection in query ignored for some collections
1437549 – containers: objects from previous providers remain in setup after provider delete
1437587 – False negative: Unable to reconfigure Instance “xxx”: When resizing, instances must change flavor!
1439345 – appliance_console will not open if no network attached
1439882 – When attempting to configure internal database after running ‘Configure Database Replication’ error message says to chose none existent option
1440436 – Tag information not displayed on Switch summary page
1441144 – UI: “Refresh Relationships and Power states” on RHOS provider throws error in evm.log
1441319 – [SCVMM] Error during provision to CSVFS storage
1441637 – Tag Visibility | All cloud key pairs is visible for restricted user
1441721 – ERROR in the log when authentication session expires while catching RHV events
1442087 – REST API for service_requests/:id/tasks returning Tasks not seemingly associated with the defined service_task
1442765 – UI: Unable to create cloud volume
1442791 – get_user_object does not exist error durring authentication process for setup that does not pull groups from ldap
1443190 – Support operation `create` on CloudObjectStoreContainer
1443740 – Simplify Container and Container Definition Models
1445702 – Unable to generate report for middleware servers
1445735 – Add provider: No validation for non ‘default’ tab on init
1446585 – CFME servers not deleting from Web UI
1446801 – Set ownership on templates show error in logs
1447064 – Auth – External Auth – FreeIPA – User can still log in if their group is removed from LDAP server and they’ve logged in before
1447639 – Bad wording in error message when connections prevent db restore
1448139 – cfme-appliance requires telnet/vim
1448323 – [RFE] Add detailed error reporting when SmartState Analysis is failing
1448601 – Ansible – Repo – Property Page – No Page Refresh button
1448811 – Container FailedSync events no longer supported but still present in UI
1448827 – Unable to create incremental backup of cloud volume for attached volume
1448971 – Service Dialog Check Box Required Field Cannot be Unchecked if previously set
1450185 – Removed Job screens shown as available Features on role configuration screen
1450249 – [RFE] Out of the box OpenSCAP Images Report
1450839 – Restricted user can see vm/instance from different groups which have tags from users group
1451052 – [RFE] Self_Service UI does not utilize custom image in top right corner
1451132 – Missing % sign on CPU Utilization page for cloud instances and Availability zones
1451163 – Appliance console label capitalization corrections – NFS and SMB
1451266 – Rbac | Tag: Inconsistency in group/tag restriction for ‘group or user owned’ roles
1451577 – [RFE] Targeted refresh for Templates events
1452391 – [RFE] Last Refresh Include Time Stamp
1452799 – [RFE] Create Chargeback report based on Pods limits allocation of CPU and Memory
1455955 – web service and UI worker enabled, connection made to RHV-M API
1456406 – credential validation request performed by default zone rather than selected zone.
1458427 – [RFE] Display the MAC address of the machine in the VM/instance page summary
1458713 – [RFE][RHV] Host refresh enhancement
1459189 – [RFE] Allow to specify per Provider the location of OpenSCAP CVEs and Image-Inspector image
1459496 – labels next to checkboxes on Control Policies->Event Assignment page aren’t clickable
1459555 – [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers
1461560 – Provisioning to RHV 4.1 Max Memory Size Needs to be Adjusted as Necesary
1461618 – [RFE] Dashboard at Project Level
1461872 – [RFE] CloudForms can receive Alert from Prometheus in OpenShift
1461939 – Unable to retrieve list of services
1461943 – [RFE] Alerts generated by Prometheus should be visible in an Alert UI in CloudForms
1461944 – [RFE] In Alert Management UI, it is possible to assign Alert to someone and Add Note
1461970 – [RFE] When adding OpenShift Provider, allow detection of Metrics endpoints
1462032 – appliance_console asks for database password twice when connecting to remote database
1462835 – [RFE][TD] Provide per-provider instance advanced settings
1464529 – the name of amazon providers aren’t synced with the name of their network manager
1464924 – [RFE] Expose the provider disable option in the UI
1465395 – Frequent restarts for CinderManager::EventCatcher worker when doing refreshes with OpenStack Provider
1466172 – [RFE] add graph refresh support for RHV full refresh
1466340 – [RFE] Dialog System needs to be cleaned up and moved to ui-components
1466397 – Error message leaking JSON header while adding key pairs
1466417 – Can’t Provision Vm via V3 (using ovirt gem)
1466514 – Auth – MIQLDAP External Auth – SSUI web interface hangs when switching to group that doesn’t have SSUI permissions
1467692 – credentials not required when adding provider using the REST API
1468634 – Incorrect Max CPU and Memory usage values displayed
1469364 – [VM Provision] – Destination ‘Cluster’ should be required in order to submit VM provision
1470260 – Asc sort order for filtered tags returns error
1470357 – RFE : Add ManageIQ.qe.anythingInFlight() method to SUI javascript
1470491 – Service provision on Azure fails when managed image is used.
1470868 – [RFE] Timestamp shown for “Retiring soon” filter should be simplified
1471083 – Sorting is not working under Saved Reports Tab
1471146 – Unexpected error encountered while provider editing
1473379 – Storage profiles causing refresh to exceed 30+ minutes
1474094 – [RFE] Image list view should have also: number of containers and Last Image Scan date
1476666 – Error message shows Header info
1476705 – [RFE] Provisioned VM via cinder volume
1478802 – ‘ManageIQ’ showed in CFME Cloud Tenant Report
1479667 – Azure Cloud Network cfmeautopay shows higher instances number
1479859 – yum update from cloudforms 4.5.0 to 4.5.1 creates v2_key
1480281 – [RFE] href not returned when ordering service from the service_templates subcollection
1480814 – Rendering issues for graph in ‘Optimize > Planning’
1481547 – [RFE] Missing the ability to set custom attributes on services via api
1483636 – [RFE] – VMware MANUAL Placement to Support ONLY Clusters
1483973 – Services order request failure is not reflected in the Self Service UI
1484024 – – [RFE] – VMware MANUAL Placement to Support ONLY Folders
1484770 – [RFE] Containers Providers should have a quadicon similar to cloud and infra providers
1485310 – href_slug attribute pointing to wrong collection
1485424 – Invalid “href” value in “versions” when API version is specified
1486041 – Unable to login to new user account when it contains one or more uppercase character(s)
1486224 – SUI fails to change group
1486264 – Openstack: undefined method `tenant_mapping_enabled=’ for nil:NilClass
1486656 – “Error:no implicit conversion of nil into Array” on GCE provider refresh
1486797 – [RFE] Graph Refresh supported for OpenStack
1487089 – [RFE] OpenStack Provisioning support create Volume from Image and Image Snapshot
1487098 – [RFE] Support Security Group CRUD in OpenStack
1487103 – [RFE] Add/Remove Security Group to OpenStack Instance
1487112 – [RFE] Flavor CRUD for OpenStack
1487124 – [RFE] Multi-select Instance support in Openstack for Evacuation and Migration
1487135 – [RFE] User and OpenStack Tenant relationship maintained with EMS Refresh
1487212 – [RFE] OpenStack Task should use Notification
1487222 – [RFE] Support OSP12 Undercloud
1487433 – Storage Chargeback rates have ‘Storag’ instead of ‘Storage’ in Description
1487749 – MiqEvent or EVM Event always has current VM owner as user, not UI user of event initiator
1488004 – [RFE] Searching technique for the “values” drop down box
1488072 – [RFE] Reconnect container images when seen again
1488135 – [RFE] [AWS][SDN] – No Network routers loaded from provider
1488395 – Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]=’
1489556 – v2_key has world readable (others) permissions of 0644
1489664 – [RFE] Create OpenStack flavor
1489908 – format conversion issues wiht openstack HOT heat templates for lists and hashes
1490091 – use RHV v4 api by default
1490103 – Unable to perform vm operation via button on self-service portal
1490639 – Automate Script Fails in Service UI with VM Record Not Found
1492268 – [PRD][RFE]Ansible Modules – Service Linking
1492269 – [PRD][RFE]Playbooks StateMachine Method Type
1492273 – [PRD][RFE]Ansible Custom Button – overlay with simpler UI Req
1492275 – [PRD][RFE]Dynamic Fields from VMDB
1492888 – Update the Insights UI to bring in new elements
1493785 – cannot create Service Orders with multiple service requests
1493996 – [RFE ] OpenStack: Handle dialog fields when provisioning using Heat Orchestration.
1494212 – [RFE] Description field in Dynamic Dialog Element cannot be updated from Automate Method
1494340 – Unexpected error while editing policy of Cloud Subnets
1494344 – Unexpected error encountering in Cloud Object Store Containers of cloud tenant
1494442 – symbol conversion error while detaching disks from an openstack instance
1495192 – [PRD][RFE] Backup & Restore
1496052 – [ALL_LANG] Compute – Containers – Topology page has untranslated warning message
1496233 – [RFE] Disable toast notifications by role in SUI
1496246 – Image URL is incorrect for Embedded Ansible Worker
1496407 – [ALL_LANG] Automation – Ansible : Configuration menu items not localized
1496749 – Custom Button set on Providers does not show up in OpenShift Providers.
1496848 – Access to RHV using the oVirt SDK may crash the events worker
1496979 – Check for UPN userid when “Get User Groups from External Authentication (httpd)” is not checkd
1497107 – [ALL_LANG] Storage – Block Storage – Volumes : Configuration menu item is untranslated
1497159 – [ALL_LANG] Storage – Object Storage – Object store containers : untranslated Configuration menu items
1497663 – [RFE] Allow grouping by Docker Label in Reporting
1497686 – [PRD] [RFE] Generic Object Support – Full CRUD
1497689 – [PRD] [RFE] Generic Object Support – REST API Support
1497692 – [PRD] [RFE] Generic Object Support – UI support tagging
1497703 – [PRD] [RFE] Generic Object Support – View Generic Objects on Ops UI service details
1497705 – [RFE] Generic Object Support – View Generic Objects on Service UI service details
1497728 – [RFE] Add new Service UI specific RBAC controls
1497732 – [RFE] Add RBAC to “App Launcher”
1497733 – [RFE] Rework Resource Details Level page per the new UX design
1497783 – [PRD] [RFE] Generic Object Support – Expose custom buttons backend
1497784 – [PRD] [RFE] Generic Object Support – Expose custom buttons via REST API
1497791 – [PRD] [RFE] Generic Object Support – Backend changes, service, report exclusion
1497947 – [RFE] Metrics: Number of hours should be available in Reporting including Chargeback
1500073 – RFE REST API – List all Container Nodes of all Container Providers
1500199 – Custom button with dialog in Cloud Tenant crashes
1500603 – [RFE] As an admin, I want to add user in multiple Groups without using external authentication
1500922 – [RFE][PRD] Support OpenShift Template in Catalog of Services
1500925 – [RFE][PRD] Allow closing Notification by just clicking on a “close icon (x)”
1500929 – [RFE] New Service Dialog Editor re-design with Drag & Drop
1500956 – [RFE][PRD] Explore Allow Copy of highlighted text in Automate Without going into edit mode
1501260 – ipv6 DNS not accepted when setting static ipv4 address
1501333 – RBAC: Tag expression | Get Error filtering vm/instances
1502290 – [RFE] [PRD] Convert existing PF based and main dashboard widgets to Angular/API
1502299 – [RFE][PRD] Add severity setting to Alert editor
1502301 – [RFE] As an Admin, I want to be able to disable “Help Menu” in Self Service UI
1502304 – [RFE] Show buttons only if certain condition exists (Button Filtering)
1502307 – [RFE][PRD] Allow modifying dialog inputs when existing Order/Request is duplicated
1502310 – [RFE][PRD] Enable the submit button only when all validations in the dialog are ok
1502314 – [RFE][PRD] Show field that does not match expected pattern in red while typing
1502315 – [RFE][PRD] Add help button for every element with mouse hover support
1502316 – [RFE][PRD] Add the ability to search in drop down list in Service Dialog
1502318 – [RFE][PRD] Show all my snapshots in timeline view on the Snapshot Level Page
1502319 – [RFE][PRD] Add the ability to take a snapshot from Service Level and Resource Details Level
1502683 – Optimize API calls on My Services and VM details page
1502963 – RHV41 Provider Discovery failure
1503237 – labels next to new radio buttons cannot be clicked
1505110 – [RFE] New Type Report Based Metering
1506069 – [RFE] [PRD] Convert existing Provider PF based and main dashboard to Angular/API
1506463 – Graph refresh fails when targeting a vm.
1506816 – [RFE] Add Metering Used Hours to chargeback report for containers
1507414 – [RFE] support async requests for full refresh
1507574 – Azure instance retirement is broken
1507634 – [RFE] Orchestration Template refactoring and enhancement
1510066 – appliance_console loses currently configured secondary DNS when configuring network
1510134 – No flash message after a chargeback rate is updated
1511078 – Flash message should be shown instead of error dialogue box
1511105 – inconsistent response when deleting nonexistent authentication using API
1511151 – [RFE] VM Networks incorrectly discovered in SCVMM provider
1511521 – Title contains compressed string on Container Image Control Policy page
1511524 – Moving widgets to the bottom of a column fails
1511978 – Used disk space is 0% when value is not available from the Provider
1513482 – [RFE] Collect Persistent Volume Claim’s requests and limits
1513489 – Auth SSUI – Self-service UI doesn’t time out when session timeout is reached
1513625 – Setting custom ip while adding Floating IP has no effect
1514006 – [RFE] add an “admin portal” button for RHV provider 4.1.8 and above
1514116 – Maintenance tag should be shown in Host table during provision
1514141 – [PRD] [RFE] Generic Object Support – Expos custom buttons – Ops UI
1514154 – [PRD] [RFE] Generic Object Support – Assign custom buttons
1514525 – We cannot backdate the schedule once you schedule it
1515438 – [RFE] Support standard structured image scan annotation
1515486 – Cloudforms: Openstack tenant quota information is unknown for many fields in cloudforms
1517396 – CVE-2017-15125 cloudforms: XSS in self-service UI snapshot feature
1517817 – Embedded Ansible role claims to be activated but ERROR in evm.log
1517947 – pods status is shown as “phase” in the cfme properties table
1517954 – Unable to use the same tenant name across multiple regions.
1517959 – NTP config file doesn’t change after clearing the NTP servers settings
1518775 – SmartStateAnalysis on template throws “Error: [undefined method `each’ for #<DMiqVim:0x0000000c0c7090>]” in evm.log
1518872 – Configuration management provider without validation
1519473 – VMs on SCVMM report cores per socket and number of sockets incorrectly
1519984 – In CF 4.5 , custom report is not able to be shown in “Available Reports” option in “Edit Report Menus”
1520488 – [RFE] Implement Inventory Graph Refresh for OpenShift to improve collection performance
1520491 – [RFE][TD] Create and use Prometheus Alert Buffer Ruby client
1520500 – [OSP] – Unable to remove cloud tenant (keystone V3)
1520552 – [RFE][PRD] As an Admin, I want to set custom buttons at any Object levels in providers for single and list view
1520617 – fog auth errors when openstack project is disabled in provider side
1522846 – Service names starting with ‘VM-‘ can cause report generation failures with “`load_missing_constant’: Unable to autoload constant VM”
1524611 – Please expose generic objects to the services service model
1524626 – Fix precision and reliability of metrics collection for OpenShift
1526047 – Access control roles not modifying correctly.
1526085 – Services->My Services page has missing translations for some entries
1526089 – [ALL_LANG] Compute – Clouds – Providers – Provider page has untranslated entries
1526090 – [ALL_LANG] Storage – Block Storage – Managers page has untranslated entries
1526118 – Stored C&U “CPU (Mhz)” values for RHV VMs are incorrect (too high) by a factor of two
1526582 – Tag names on Topology page contain full path
1526586 – [RFE] Remove Alerts Severity when creating Alerts
1527108 – [RFE] Embedded Ansible Playbooks Unable to be Tagged
1527576 – [RFE] As an admin & User, I want to search across all services in My Services with basic and Advanced search
1527578 – Tooltip on retire button blocks the click of options
1527625 – Problem enabling SSL connections to CF database node
1527663 – cpu_usagemhz_rate_average is 0 for RHV 4 VMs
1527665 – Cannot install CloudForms in a 3TB disk
1530645 – openshift provider add/edit error should show or log full provider response
1530674 – Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
1530713 – vim_performance_tag_values table growing too much
1530734 – [RFE] CloudForms can collect Metrics from Prometheus in OpenShift
1530736 – [RFE][TD] Create and use Prometheus Metrics Ruby client
1530739 – An IPv6 address for a RHV VM’s NIC is incorrectly stored as an ipaddress attribute rather than ipv6address attribute
1530794 – Edit Tag Page : Check box is present near quadicon
1530820 – Name has Already been taken error when editing zone in Global Region
1531303 – ae_max_retries does not show the correct value after one retry if called through multiple relations each limited by different max retries counts
1531304 – [RFE] Reconfigure for Cloud Vm should get auto-approved.
1531312 – Policy button missing on switch detail page
1531602 – CloudForms: Unable to perform “Exit Maintenance Mode” task of VMware host
1531605 – [ALL_LANG] Storage – Block Storage : Snapshots and Backups pages have untranslated entries
1532354 – Tag | ‘Reset’ button doesn’t work for tag page opened from service item detail page
1532355 – Tag | Service Item: Part of tag edit page is missing after click on ‘Reset’ button
1532646 – VPC tags are not honored in Infra provisioning and Service Catalog Item creation
1533219 – Control->Explorer is visible for evmgroup-security role
1533499 – [RHEV provider][vm provision] Specifying vnic profile on virtual nic instead of network.
1534753 – SSA: Datastores: Get SmartState Analysis for 1 storages complete (1 in Error) for some datastores types
1535059 – when I turn ON notifier, spamming my inbox with email notifications for past notifications
1535062 – While adding subnet through normal user admin tenant is visible
1536046 – Service Catalog Item custom images does not replicate to global region
1536101 – Container Nodes should be archived instead of being deleted
1537131 – Miq Server leaks memory and we fail to detect and remediate it
1537135 – [RFE] Container Roles must contain New Monitoring features
1537303 – [RFE] Update vSphere OVA settings (SCSI controller, NIC adaptor and hardware version)
1537790 – Event AWS_API_CALL_TerminateInstances on EC2 in wrong timeline category
1539074 – [RFE][RADAR] New Metering Calculation for Middleware Products running on OpenShift
1539124 – Unexpected behavior when importing datastore with 2 domains from Git
1541175 – Tag assignment: ‘Reset’ button doesn’t work for vms, templates

6. Package List:

CloudForms Management Engine 5.9:

Source:
ansible-2.4.3.0-1.el7ae.src.rpm
ansible-tower-3.1.5-3.el7at.src.rpm
bubblewrap-0.1.7-1.el7.src.rpm
cfme-5.9.0.22-1.el7cf.src.rpm
cfme-amazon-smartstate-5.9.0.22-1.el7cf.src.rpm
cfme-appliance-5.9.0.22-1.el7cf.src.rpm
cfme-gemset-5.9.0.22-1.el7cf.src.rpm
dbus-api-service-1.0.1-2.el7cf.src.rpm
dumb-init-1.2.0-1.el7.src.rpm
erlang-19.0.4-1.el7at.src.rpm
freeipmi-1.5.1-2.el7cf.src.rpm
google-compute-engine-2.0.0-1.el7cf.src.rpm
google-config-2.0.0-1.el7cf.src.rpm
httpd-configmap-generator-0.2.1-1.el7cf.src.rpm
nginx-1.10.2-1.el7at.src.rpm
postgresql94-9.4.15-3PGDG.el7at.src.rpm
prince-9.0r2-10.el7cf.src.rpm
python-crypto-2.6.1-16.el7at.src.rpm
python-jmespath-0.9.0-4.el7ae.src.rpm
python-meld3-0.6.10-1.el7.src.rpm
python-paramiko-2.1.1-2.el7ae.src.rpm
qpid-proton-0.19.0-1.el7cf.src.rpm
rabbitmq-server-3.6.9-1.el7at.src.rpm
rh-postgresql95-postgresql-pglogical-2.1.0-2.el7cf.src.rpm
rh-postgresql95-repmgr-3.1.3-2.el7cf.src.rpm
rh-ruby23-rubygem-bcrypt-3.1.11-1.el7cf.src.rpm
rh-ruby23-rubygem-ffi-1.9.18-1.el7cf.src.rpm
rh-ruby23-rubygem-hamlit-2.7.5-1.el7cf.src.rpm
rh-ruby23-rubygem-http_parser.rb-0.6.0-1.el7cf.src.rpm
rh-ruby23-rubygem-json-2.0.4-1.el7cf.src.rpm
rh-ruby23-rubygem-linux_block_device-0.2.1-1.el7cf.src.rpm
rh-ruby23-rubygem-memory_buffer-0.1.0-2.el7cf.src.rpm
rh-ruby23-rubygem-nio4r-2.1.0-1.el7cf.src.rpm
rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.src.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-4.2.1-1.el7cf.src.rpm
rh-ruby23-rubygem-pg-0.18.4-1.el7cf.src.rpm
rh-ruby23-rubygem-puma-3.7.1-1.el7cf.src.rpm
rh-ruby23-rubygem-qpid_proton-0.19.0-1.el7cf.src.rpm
rh-ruby23-rubygem-redhat_access_cfme-2.0.2-2.el7cf.src.rpm
rh-ruby23-rubygem-redhat_access_lib-1.1.4-1.el7cf.src.rpm
rh-ruby23-rubygem-rugged-0.25.1.1-1.el7cf.src.rpm
rh-ruby23-rubygem-sqlite3-1.3.13-1.el7cf.src.rpm
rh-ruby23-rubygem-unf_ext-0.0.7.4-1.el7cf.src.rpm
rh-ruby23-rubygem-websocket-driver-0.6.5-1.el7cf.src.rpm
smem-1.4-1.el7cf.src.rpm
supervisor-3.1.4-1.el7.src.rpm
wmi-1.3.14-7.el7cf.src.rpm

noarch:
ansible-2.4.3.0-1.el7ae.noarch.rpm
ansible-doc-2.4.3.0-1.el7ae.noarch.rpm
google-compute-engine-2.0.0-1.el7cf.noarch.rpm
nginx-all-modules-1.10.2-1.el7at.noarch.rpm
nginx-filesystem-1.10.2-1.el7at.noarch.rpm
python-paramiko-2.1.1-2.el7ae.noarch.rpm
python-paramiko-doc-2.1.1-2.el7ae.noarch.rpm
python-qpid-proton-docs-0.19.0-1.el7cf.noarch.rpm
python2-jmespath-0.9.0-4.el7ae.noarch.rpm
qpid-proton-c-docs-0.19.0-1.el7cf.noarch.rpm
qpid-proton-cpp-docs-0.19.0-1.el7cf.noarch.rpm
rabbitmq-server-3.6.9-1.el7at.noarch.rpm
rh-ruby23-rubygem-bcrypt-doc-3.1.11-1.el7cf.noarch.rpm
rh-ruby23-rubygem-ffi-doc-1.9.18-1.el7cf.noarch.rpm
rh-ruby23-rubygem-hamlit-doc-2.7.5-1.el7cf.noarch.rpm
rh-ruby23-rubygem-http_parser.rb-doc-0.6.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-linux_block_device-doc-0.2.1-1.el7cf.noarch.rpm
rh-ruby23-rubygem-memory_buffer-doc-0.1.0-2.el7cf.noarch.rpm
rh-ruby23-rubygem-nio4r-doc-2.1.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-doc-4.2.1-1.el7cf.noarch.rpm
rh-ruby23-rubygem-pg-doc-0.18.4-1.el7cf.noarch.rpm
rh-ruby23-rubygem-puma-doc-3.7.1-1.el7cf.noarch.rpm
rh-ruby23-rubygem-qpid_proton-doc-0.19.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-redhat_access_cfme-2.0.2-2.el7cf.noarch.rpm
rh-ruby23-rubygem-redhat_access_cfme-doc-2.0.2-2.el7cf.noarch.rpm
rh-ruby23-rubygem-redhat_access_lib-1.1.4-1.el7cf.noarch.rpm
rh-ruby23-rubygem-rugged-doc-0.25.1.1-1.el7cf.noarch.rpm
rh-ruby23-rubygem-sqlite3-doc-1.3.13-1.el7cf.noarch.rpm
rh-ruby23-rubygem-unf_ext-doc-0.0.7.4-1.el7cf.noarch.rpm
rh-ruby23-rubygem-websocket-driver-doc-0.6.5-1.el7cf.noarch.rpm
smem-1.4-1.el7cf.noarch.rpm
supervisor-3.1.4-1.el7.noarch.rpm

x86_64:
ansible-tower-3.1.5-3.el7at.x86_64.rpm
ansible-tower-server-3.1.5-3.el7at.x86_64.rpm
ansible-tower-setup-3.1.5-3.el7at.x86_64.rpm
ansible-tower-ui-3.1.5-3.el7at.x86_64.rpm
bubblewrap-0.1.7-1.el7.x86_64.rpm
bubblewrap-debuginfo-0.1.7-1.el7.x86_64.rpm
cfme-5.9.0.22-1.el7cf.x86_64.rpm
cfme-amazon-smartstate-5.9.0.22-1.el7cf.x86_64.rpm
cfme-appliance-5.9.0.22-1.el7cf.x86_64.rpm
cfme-appliance-common-5.9.0.22-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.9.0.22-1.el7cf.x86_64.rpm
cfme-appliance-tools-5.9.0.22-1.el7cf.x86_64.rpm
cfme-debuginfo-5.9.0.22-1.el7cf.x86_64.rpm
cfme-gemset-5.9.0.22-1.el7cf.x86_64.rpm
cfme-gemset-debuginfo-5.9.0.22-1.el7cf.x86_64.rpm
dbus-api-service-1.0.1-2.el7cf.x86_64.rpm
dumb-init-1.2.0-1.el7.x86_64.rpm
dumb-init-debuginfo-1.2.0-1.el7.x86_64.rpm
erlang-19.0.4-1.el7at.x86_64.rpm
erlang-debuginfo-19.0.4-1.el7at.x86_64.rpm
freeipmi-1.5.1-2.el7cf.x86_64.rpm
freeipmi-bmc-watchdog-1.5.1-2.el7cf.x86_64.rpm
freeipmi-debuginfo-1.5.1-2.el7cf.x86_64.rpm
freeipmi-devel-1.5.1-2.el7cf.x86_64.rpm
freeipmi-ipmidetectd-1.5.1-2.el7cf.x86_64.rpm
freeipmi-ipmiseld-1.5.1-2.el7cf.x86_64.rpm
google-config-2.0.0-1.el7cf.x86_64.rpm
httpd-configmap-generator-0.2.1-1.el7cf.x86_64.rpm
nginx-1.10.2-1.el7at.x86_64.rpm
nginx-debuginfo-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-geoip-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-image-filter-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-perl-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-xslt-filter-1.10.2-1.el7at.x86_64.rpm
nginx-mod-mail-1.10.2-1.el7at.x86_64.rpm
nginx-mod-stream-1.10.2-1.el7at.x86_64.rpm
postgresql94-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-contrib-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-debuginfo-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-devel-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-docs-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-libs-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-plperl-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-plpython-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-pltcl-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-server-9.4.15-3PGDG.el7at.x86_64.rpm
postgresql94-test-9.4.15-3PGDG.el7at.x86_64.rpm
prince-9.0r2-10.el7cf.x86_64.rpm
python-crypto-debuginfo-2.6.1-16.el7at.x86_64.rpm
python-meld3-0.6.10-1.el7.x86_64.rpm
python-meld3-debuginfo-0.6.10-1.el7.x86_64.rpm
python-qpid-proton-0.19.0-1.el7cf.x86_64.rpm
python2-crypto-2.6.1-16.el7at.x86_64.rpm
qpid-proton-c-0.19.0-1.el7cf.x86_64.rpm
qpid-proton-c-devel-0.19.0-1.el7cf.x86_64.rpm
qpid-proton-cpp-0.19.0-1.el7cf.x86_64.rpm
qpid-proton-cpp-devel-0.19.0-1.el7cf.x86_64.rpm
qpid-proton-debuginfo-0.19.0-1.el7cf.x86_64.rpm
rh-postgresql95-postgresql-pglogical-2.1.0-2.el7cf.x86_64.rpm
rh-postgresql95-postgresql-pglogical-debuginfo-2.1.0-2.el7cf.x86_64.rpm
rh-postgresql95-repmgr-3.1.3-2.el7cf.x86_64.rpm
rh-postgresql95-repmgr-debuginfo-3.1.3-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-bcrypt-3.1.11-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-bcrypt-debuginfo-3.1.11-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-ffi-1.9.18-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-ffi-debuginfo-1.9.18-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-hamlit-2.7.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-hamlit-debuginfo-2.7.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-http_parser.rb-0.6.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-2.0.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-debuginfo-2.0.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-doc-2.0.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-linux_block_device-0.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-linux_block_device-debuginfo-0.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-memory_buffer-0.1.0-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-memory_buffer-debuginfo-0.1.0-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-nio4r-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nio4r-debuginfo-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-debuginfo-1.8.1-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-doc-1.8.1-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-4.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-debuginfo-4.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-pg-0.18.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-pg-debuginfo-0.18.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-puma-3.7.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-puma-debuginfo-3.7.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-qpid_proton-0.19.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-qpid_proton-debuginfo-0.19.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-rugged-0.25.1.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-rugged-debuginfo-0.25.1.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-sqlite3-1.3.13-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-sqlite3-debuginfo-1.3.13-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-unf_ext-0.0.7.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-unf_ext-debuginfo-0.0.7.4-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-websocket-driver-0.6.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-websocket-driver-debuginfo-0.6.5-1.el7cf.x86_64.rpm
wmi-1.3.14-7.el7cf.x86_64.rpm
wmi-debuginfo-1.3.14-7.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-15125
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iD8DBQFal/utXlSAg2UNWIIRApBmAJ9VN2/6zz0vaiQWmHKEIfraEkxS+ACeP+v4
oBAo9kFVddHc+hjxzU9Bbhc=
=QM9l
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa freexl

Otkriveni su sigurnosni nedostaci u programskom paketu freexl za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju prekoračenje spremnika gomile....

Close