-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: CloudForms 5.0.3 security update Advisory ID: RHSA-2020:0588-01 Product: Red Hat CloudForms Advisory URL: https://access.redhat.com/errata/RHSA-2020:0588 Issue date: 2020-02-25 Cross references: RHBA-2020:0452 CVE Names: CVE-2019-14894 ==================================================================== 1. Summary: An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: CloudForms Management Engine 5.11 - x86_64 3. Description: Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Security Fix(es): * CloudForms: RCE vulnerability in NFS schedule backup (CVE-2019-14894) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1769411 - CVE-2019-14894 CloudForms: RCE vulnerability in NFS schedule backup 6. Package List: CloudForms Management Engine 5.11: Source: cfme-5.11.3.1-1.el8cf.src.rpm cfme-amazon-smartstate-5.11.3.1-1.el8cf.src.rpm cfme-appliance-5.11.3.1-1.el8cf.src.rpm cfme-gemset-5.11.3.1-1.el8cf.src.rpm x86_64: cfme-5.11.3.1-1.el8cf.x86_64.rpm cfme-amazon-smartstate-5.11.3.1-1.el8cf.x86_64.rpm cfme-appliance-5.11.3.1-1.el8cf.x86_64.rpm cfme-appliance-common-5.11.3.1-1.el8cf.x86_64.rpm cfme-appliance-tools-5.11.3.1-1.el8cf.x86_64.rpm cfme-gemset-5.11.3.1-1.el8cf.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14894 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_cloudforms/5.0/html/release_notes 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXlSyv9zjgjWX9erEAQh44Q/9E5uIBeWkfp47qn3Yti8hNgbp747vUqd/ jm6EfGlsjsMcR3uSYKGn7byHxKWVs2YXJA5YzdV3Wq4a2wgM8Y1kro3wvLdOu+Ak woAuEv1VZRQK9EMhg1cGYf4b8ZMBUr6h5SzeLmw7FgFcFiFartlVj2yn6k57vwMZ INPi2SGece5NCxXM466Ksr7oizVtOrZvuV7XqnDp0hH54JEw/8M6vH9bsM1M1NLZ 5y//1upNpPdy0eaIbuyOuu25aV8VBshipnhnizdyb7jFsxZ8tiYy97Va6FsH9R2A 1VbIVPMJb24XlfmtZ4hLdtGVkh6rFWXgmhunn8yrPfWaG8yczPqO1g9QCmt9y8wU veehMhPATZyMekkxJarjC5PSbhpF0o5oXL1PWXdGMCOaYmF+wCv/ZfUFu/yiat2K oY5wZoI8Cb0N6AIGAh17v3H2P3QMl41g41T9w9nZt0HzY5SvZrh34kviQW2/hink WKY+MVtAD8oMR8BIQouxiaYfju4XMk03LGOVfJUjGJZhP2zSU5VytIsll8mqjtzA h8UaJqPp3A2J4WgAzleL3+85wITHRbPvyaGlwhSZsS+xyMP6olwSYSOgViaFsiiv yJzresrOuLGLXMi3ltf70wQwY2u0k126F9t9IFNhHNVYg2+v2Pn3IGif/7FOmBeU U9zp/DrQ354=oMfo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce