-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat CloudForms security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:1972-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1972
Issue date:        2018-06-25
Cross references:  RHBA-2018:1109
CVE Names:         CVE-2018-1101 CVE-2018-1104 CVE-2018-7750
=====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development.

Security Fix(es):

* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)

* ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges (CVE-2018-1101)

* ansible-tower: Remote code execution by users with access to define variables in job templates (CVE-2018-1104)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104. The CVE-2018-1101 issue was discovered by Graham Mainwaring (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1489507 - Simultaneous service catalog request do not honour quotas
1496902 - Can add ansible tower provider without validation
1500951 - Can't Save Role when Enabling All Product Features for Ansible folder of a CloudForms Role
1511030 - Updates to RHEV Host Causes Duplicate Names in CloudForms
1526156 - Can't configure Red Hat Dropbox for logs in a global region when a sub-region has one already configured
1531499 - Automation->Ansible is visible for multiple roles when it should not be
1532272 - Catalog dynamic element entry point selection is cached and does not allow selection
1533082 - Reset tag: Flash message duplication
1535369 - Cloud Subnet create form - 'Cloud Subnet details' title displayed twice, 'Placement' title (section) missing
1536684 - Tooltip on retire button blocks the click of options
1537132 - Miq Server leaks memory and we fail to detect and remediate it
1540579 - Deployment roles are missing on CFME 5.8.3.2 over RHOS 12
1541341 - Gettext strings should not contain interpolations
1541427 - Tag assignment: 'Reset' button doesn't work for vms, templates
1541700 - RHOS 12: Infra provider scale down is broken
1544488 - [UI][RHOS] - remove Edit and Delete actions when in the SDN list view
1549626 - webui updates failing when a proxy is required
1549723 - WebUI: Tool tip displays html code while setting the ownership for multiple vm's
1549833 - cpu_usagemhz_rate_average is 0 for RHV 4 VMs
1550116 - Subscription page fails when a remote database is down
1550276 - Getting Couldn't find MiqTask Errors in evm.log
1550715 - Stored C&U "CPU (Mhz)" values for RHV VMs are incorrect (too high) by a factor of two
1550729 - Replication configuration page does not open when child database is down
1550732 - [Ansible Embedded] - Embedded Ansible cannot be enabled on IPv6 only appliance
1550737 - unable to view quotas without manage quota permissoin being enabled in 5.8.2
1551627 - Automate code from git does not work for repositories without master
1551693 - internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
1551697 - Colons are unhandled in BaseModel key generation in AzureArmrest
1551699 - Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
1552135 - Openstack refresh fails if it finds non-public flavors
1552233 - [RFE] Ability to select OpenStack External external network during the instance provisioning
1552780 - Adding floating IP from OSP do not enforce tenancy limits
1552891 - Tagging: Edit tags page doesn't open for network list items navigated through parent details page
1552905 - The accordion folds after adding a schedule
1553225 - Set Ownership can not be changed back to default
1553249 - UI: Same icon used for multiple options on Cloud Tenants page
1553308 - Undefined method `vmm_version' for nil:NilClass on VM summary screen
1553331 - Using webmks console one cannot type correctly the password when it contains special characters
1553337 - Default view settings fails for service catalogs
1553364 - Add miqssh utilities
1553465 - Enhance credential missing msg/behavior for VMRC console access
1553473 - Region size of 10,000 Objects Supportable for VMware Provider
1554533 - Schedule report fails to send mail when report is not empty
1554543 - Long time to refresh network provider on OpenStack
1554900 - when deleting an archived node using configure > remove a unknown method error is raised
1555487 - Dynamic Dropdown Multiselect: By default selects an element
1556814 - symbol conversion error while detaching disks from an openstack instance
1557025 - [RFE] Amazon provider - Allow user to enable and disable instance_types
1557130 - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
1558032 - internal server error when accessing the "policy_events" attribute of the "vms" resource
1558039 - AWS flavor list is out of date
1558047 - OpenStack - Include Provider Error Message in MiqProvisionFailure
1558076 - Fix WebMKS/VNC console connectivity
1558595 - No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
1558622 - RedHat domain can be edited/deleted
1559551 - Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
1559553 - Api::ServiceCatalogsController timeout error in multi-regional environment
1560097 - Error occurs when trying to edit a catalog item
1560099 - Outgoing SMTP E-mail Server settings not saved on first attempt
1560693 - Stop CF pestering OpenStack for Swift status when there is no Swift.
1561077 - Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
1562773 - tenant source_id compromisation after changing provider credentials
1562775 - Approval permissions are not followed between different groups
1562798 - CFME - usage of non standard special characters (e.g. accents) in password causes user is not able to login
1563492 - CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
1563721 - Differencing Disk on Network Drive Fails Smartstate if initial disk on Local DRive.
1563741 - ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine
1564264 - Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]='
1564454 - [Regression] Unexpected error while opening Cloud Intel Timelines
1565157 - Unable to see realtime data from OpenShift in CloudForms UI
1565162 - Ansible playbook credentials always show default value in SUI
1565169 - openstack provisioning instance fail on checkprovisioned
1565248 - Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
1565342 - [Azure]Provision Multiple VMs with Public IP selection options
1565358 - [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
1565362 - SSA fails if disk has empty partitions in the beginning
1565364 - Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
1565365 - Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
1565366 - VMware Edit provider has Host Default VNC start and End Port options, but Add Provider does not
1565389 - Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
1565403 - Creating buttons under the Datastore objects do not appear on Datastore Details Pages
1565414 - Total matches of Ems Cluster roles showing wrong count
1565678 - Container reports take too much time to generate
1565724 - vm reconfigure when quota enabled gets stuck in 'pending' state
1565760 - Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
1565835 - Role inconsistency with privileges when creating reports and setting chargeback filters
1565862 - CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates
1566256 - DRb 'close' error for closed connection
1566528 - Reporting worker exceeding threshold for default report tied to custom widget
1566746 - Dropdown to delete a "not responding" server is missing
1567983 - Middleware Provider Timelines Typo in Policy Events->Middleware Operation Description 'Tagret'
1568016 - notifications do not get cleared from the notification table
1568042 - CloudForms: Unable to perform "Exit Maintenance Mode" task of VMware host
1568045 - Control->Explorer is visible for evmgroup-security role
1568084 - Default Container Image Rate can be deleted
1568159 - User Interface does not come up after reboot
1568168 - Moving widgets to the bottom of a column fails
1568576 - Deployment template validation failed
1568603 - Git repo automate datastore refresh timing out upon credential change
1569079 - Getting Forbidden exception after ordering the service by non-admin user.
1569100 - Orphaned and Archived VMs displayed in running vms filter
1569104 - Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances
1569118 - Apache Reloaded twice with logrotate
1569127 - We cannot backdate the schedule once you schedule it
1569171 - Help Documentation is only visible to users with super admin role
1569179 - ERROR : 404 when trying to set the retirement date of the service
1569230 - Missing Guest OS in dashboard reports in Openstack
1569237 - [UI] - ManageIQ string in PDF summary file for flavors
1569241 - Tagging: Edit tags page doesn't open for images opened from provider summary page
1570060 - [RFE] Metrics for memory usage of AWS instances is missing from C&U
1570951 - Service and VM retirement are non-deterministic, running parallel
1570990 - Service Catalog Item Subtype not rendered in UI
1571311 - Unable to select storage manager from drop down list through classic UI
1572621 - RHSM failing to register with proxy settings
1572719 - Provider Inventory worker vim.log fills up due to large log messages
1573540 - Dashboard widget is not providing exact content due to Type conversion Exception.
1574155 - Refresh Failing for VMware VIM object is too large
1574571 - OSPD 12 Undercloud - Infrastructure Provider refresh failed
1574615 - [RFE] make available tags defined on the azure side on azure objects to cloudforms for reports
1576101 - total costs no longer showing in any chargeback report if they are the only columns in the report
1578575 - RHOSP11 metric collection stuck with error: Fog::Metric::OpenStack::NotFound
1578853 - Compliance check is greyed out under VM summary screen when VM is selected but not when you click on the VM.
1578866 - Error upon successful SAML login when username contains capital letters
1581387 - Dynamic dropdown doesn't refresh correctly
1583711 - Unexpected Error when accessing SERVICE -> REQUESTS (undefined method find_tags_by_grouping)
1583790 - UI Worker Exceeding Memory Trying to View Hosts for VMware Provider
1584187 - CPU Utilization report graph shows dates on x axis in random order
1584688 - refresh_target_for_ems is not running in one of our environments
1589834 - [RFE][XS-2] Add possibility to unregister a VM in RHV provider

6. Package List:

CloudForms Management Engine 5.8:

Source:
ansible-2.4.4.0-1.el7ae.src.rpm
cfme-5.8.4.5-1.el7cf.src.rpm
cfme-appliance-5.8.4.5-1.el7cf.src.rpm
cfme-gemset-5.8.4.5-1.el7cf.src.rpm
python-paramiko-2.1.1-4.el7.src.rpm
rh-ruby23-rubygem-json-2.1.0-1.el7cf.src.rpm

noarch:
ansible-2.4.4.0-1.el7ae.noarch.rpm
python-paramiko-2.1.1-4.el7.noarch.rpm
python-paramiko-doc-2.1.1-4.el7.noarch.rpm

x86_64:
ansible-tower-server-3.1.7-1.el7at.x86_64.rpm
ansible-tower-setup-3.1.7-1.el7at.x86_64.rpm
cfme-5.8.4.5-1.el7cf.x86_64.rpm
cfme-appliance-5.8.4.5-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm
cfme-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm
cfme-gemset-5.8.4.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-debuginfo-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-doc-2.1.0-1.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1101
https://access.redhat.com/security/cve/CVE-2018-1104
https://access.redhat.com/security/cve/CVE-2018-7750
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
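The following shell script is an added example, not part of the Red Hat advisory: it takes the fixed version-release strings from the Package List above and reports whether the installed CloudForms Management Engine 5.8 packages are at or beyond them. The `sort -V` comparison is an assumed stand-in for rpm's own version ordering and is adequate for the dotted numeric versions listed here; only `audit_installed` needs `rpm` on the host.

```shell
#!/bin/sh
# Added example (not from the advisory). Fixed version-release per binary
# package named in RHSA-2018:1972; names and versions come from the advisory.
FIXED_NVRS="
ansible 2.4.4.0-1.el7ae
ansible-tower-server 3.1.7-1.el7at
ansible-tower-setup 3.1.7-1.el7at
cfme 5.8.4.5-1.el7cf
cfme-appliance 5.8.4.5-1.el7cf
cfme-gemset 5.8.4.5-1.el7cf
python-paramiko 2.1.1-4.el7
rh-ruby23-rubygem-json 2.1.0-1.el7cf
"

# version_ge INSTALLED FIXED: succeeds when INSTALLED sorts at or after FIXED.
# Assumption: GNU sort -V approximates rpmvercmp for these version strings.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | tail -n1)" = "$1" ]
}

# fixed_vr NAME: prints the advisory's fixed version-release, or nothing.
fixed_vr() {
    printf '%s\n' "$FIXED_NVRS" | awk -v n="$1" '$1 == n { print $2 }'
}

# status_for NAME INSTALLED_VR: prints fixed, vulnerable or unlisted.
status_for() {
    fixed=$(fixed_vr "$1")
    if [ -z "$fixed" ]; then
        echo unlisted
    elif version_ge "$2" "$fixed"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# audit_installed: queries the local RPM database and prints one line per
# advisory package that is installed on this host (requires rpm).
audit_installed() {
    printf '%s\n' "$FIXED_NVRS" | while read -r name fixed; do
        [ -n "$name" ] || continue
        installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$name" 2>/dev/null) || continue
        printf '%-24s %-20s %s\n' "$name" "$installed" "$(status_for "$name" "$installed")"
    done
}
```

Run `audit_installed` on the appliance after applying the update; a `vulnerable` line means the package is still below the fixed version-release listed in this advisory.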
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce