—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat CloudForms security, bug fix, and enhancement update
Advisory ID: RHSA-2018:1972-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1972
Issue date: 2018-06-25
Cross references: RHBA-2018:1109
CVE Names: CVE-2018-1101 CVE-2018-1104 CVE-2018-7750
=====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 – noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.

Security Fix(es):

* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)

* ansible-tower: Privilege escalation flaw allows for organization admins
to obtain system privileges (CVE-2018-1101)

* ansible-tower: Remote code execution by users with access to define
variables in job templates (CVE-2018-1104)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104. The
CVE-2018-1101 issue was discovered by Graham Mainwaring (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1489507 – Simultaneous service catalog request do not honour quotas
1496902 – Can add ansible tower provider without validation
1500951 – Can’t Save Role when Enabling All Product Features for Ansible folder of a CloudForms Role
1511030 – Updates to RHEV Host Causes Duplicate Names in CloudForms
1526156 – Can’t configure Red Hat Dropbox for logs in a global region when a sub-region has one already configured
1531499 – Automation->Ansible is visible for multiple roles when it should not be
1532272 – Catalog dynamic element entry point selection is cached and does not allow selection
1533082 – Reset tag: Flash message duplication
1535369 – Cloud Subnet create form – ‘Cloud Subnet details’ title displayed twice, ‘Placement’ title (section) missing
1536684 – Tooltip on retire button blocks the click of options
1537132 – Miq Server leaks memory and we fail to detect and remediate it
1540579 – Deployment roles are missing on CFME 5.8.3.2 over RHOS 12
1541341 – Gettext strings should not contain interpolations
1541427 – Tag assignment: ‘Reset’ button doesn’t work for vms, templates
1541700 – RHOS 12: Infra provider scale down is broken
1544488 – [UI][RHOS] – remove Edit and Delete actions when in the SDN list view
1549626 – webui updates failing when a proxy is required
1549723 – WebUI: Tool tip displays html code while setting the ownership for multiple vm’s
1549833 – cpu_usagemhz_rate_average is 0 for RHV 4 VMs
1550116 – Subscription page fails when a remote database is down
1550276 – Getting Couldn’t find MiqTask Errors in evm.log
1550715 – Stored C&U “CPU (Mhz)” values for RHV VMs are incorrect (too high) by a factor of two
1550729 – Replication configuration page does not open when child database is down
1550732 – [Ansible Embedded] – Embedded Ansible cannot be enabled on IPv6 only appliance
1550737 – unable to view quotas without manage quota permissoin being enabled in 5.8.2
1551627 – Automate code from git does not work for repositories without master
1551693 – internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
1551697 – Colons are unhandled in BaseModel key generation in AzureArmrest
1551699 – Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
1552135 – Openstack refresh fails if it finds non-public flavors
1552233 – [RFE] Ability to select OpenStack External external network during the instance provisioning
1552780 – Adding floating IP from OSP do not enforce tenancy limits
1552891 – Tagging: Edit tags page doesn’t open for network list items navigated through parent details page
1552905 – The accordion folds after adding a schedule
1553225 – Set Ownership can not be changed back to default
1553249 – UI: Same icon used for multiple options on Cloud Tenants page
1553308 – Undefined method `vmm_version’ for nil:NilClass on VM summary screen
1553331 – Using webmks console one cannot type correctly the password when it contains special characters
1553337 – Default view settings fails for service catalogs
1553364 – Add miqssh utilities
1553465 – Enhance credential missing msg/behavior for VMRC console access
1553473 – Region size of 10,000 Objects Supportable for VMware Provider
1554533 – Schedule report fails to send mail when report is not empty
1554543 – Long time to refresh network provider on OpenStack
1554900 – when deleting an archived node using configure > remove a unknown method error is raised
1555487 – Dynamic Dropdown Multiselect: By default selects an element
1556814 – symbol conversion error while detaching disks from an openstack instance
1557025 – [RFE] Amazon provider – Allow user to enable and disable instance_types
1557130 – CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
1558032 – internal server error when accessing the “policy_events” attribute of the “vms” resource
1558039 – AWS flavor list is out of date
1558047 – OpenStack – Include Provider Error Message in MiqProvisionFailure
1558076 – Fix WebMKS/VNC console connectivity
1558595 – No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
1558622 – RedHat domain can be edited/deleted
1559551 – Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
1559553 – Api::ServiceCatalogsController timeout error in multi-regional environment
1560097 – Error occurs when trying to edit a catalog item
1560099 – Outgoing SMTP E-mail Server settings not saved on first attempt
1560693 – Stop CF pestering OpenStack for Swift status when there is no Swift.
1561077 – Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
1562773 – tenant source_id compromisation after changing provider credentials
1562775 – Approval permissions are not followed between different groups
1562798 – CFME – usage of non standard special characters (e.g. accents) in password causes user is not able to login
1563492 – CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
1563721 – Differencing Disk on Network Drive Fails Smartstate if initial disk on Local DRive.
1563741 – ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine
1564264 – Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]=’
1564454 – [Regression] Unexpected error while opening Cloud Intel Timelines
1565157 – Unable to see realtime data from OpenShift in CloudForms UI
1565162 – Ansible playbook credentials always show default value in SUI
1565169 – openstack provisioning instance fail on checkprovisioned
1565248 – Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
1565342 – [Azure]Provision Multiple VMs with Public IP selection options
1565358 – [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
1565362 – SSA fails if disk has empty partitions in the beginning
1565364 – Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
1565365 – Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
1565366 – VMware Edit provider has Host Default VNC start and End Port options, but Add Provider does not
1565389 – Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
1565403 – Creating buttons under the Datastore objects do not appear on Datastore Details Pages
1565414 – Total matches of Ems Cluster roles showing wrong count
1565678 – Container reports take too much time to generate
1565724 – vm reconfigure when quota enabled gets stuck in ‘pending’ state
1565760 – Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
1565835 – Role inconsistency with privileges when creating reports and setting chargeback filters
1565862 – CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates
1566256 – DRb ‘close’ error for closed connection
1566528 – Reporting worker exceeding threshold for default report tied to custom widget
1566746 – Dropdown to delete a “not responding” server is missing
1567983 – Middleware Provider Timelines Typo in Policy Events->Middleware Operation Description ‘Tagret’
1568016 – notifications do not get cleared from the notification table
1568042 – CloudForms: Unable to perform “Exit Maintenance Mode” task of VMware host
1568045 – Control->Explorer is visible for evmgroup-security role
1568084 – Default Container Image Rate can be deleted
1568159 – User Interface does not come up after reboot
1568168 – Moving widgets to the bottom of a column fails
1568576 – Deployment template validation failed
1568603 – Git repo automate datastore refresh timing out upon credential change
1569079 – Getting Forbidden exception after ordering the service by non-admin user.
1569100 – Orphaned and Archived VMs displayed in running vms filter
1569104 – Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances
1569118 – Apache Reloaded twice with logrotate
1569127 – We cannot backdate the schedule once you schedule it
1569171 – Help Documentation is only visible to users with super admin role
1569179 – ERROR : 404 when trying to set the retirement date of the service
1569230 – Missing Guest OS in dashboard reports in Openstack
1569237 – [UI] – ManageIQ string in PDF summary file for flavors
1569241 – Tagging: Edit tags page doesn’t open for images opened from provider summary page
1570060 – [RFE] Metrics for memory usage of AWS instances is missing from C&U
1570951 – Service and VM retirement are non-deterministic, running parallel
1570990 – Service Catalog Item Subtype not rendered in UI
1571311 – Unable to select storage manager from drop down list through classic UI
1572621 – RHSM failing to register with proxy settings
1572719 – Provider Inventory worker vim.log fills up due to large log messages
1573540 – Dashboard widget is not providing exact content due to Type conversion Exception.
1574155 – Refresh Failing for VMware VIM object is too large
1574571 – OSPD 12 Undercloud – Infrastructure Provider refresh failed
1574615 – [RFE] make available tags defined on the azure side on azure objects to cloudforms for reports
1576101 – total costs no longer showing in any chargeback report if they are the only columns in the report
1578575 – RHOSP11 metric collection stuck with error: Fog::Metric::OpenStack::NotFound
1578853 – Compliance check is greyed out under VM summary screen when VM is selected but not when you click on the VM.
1578866 – Error upon successful SAML login when username contains capital letters
1581387 – Dynamic dropdown doesn’t refresh correctly
1583711 – Unexpected Error when accessing SERVICE -> REQUESTS (undefined method find_tags_by_grouping)
1583790 – UI Worker Exceeding Memory Trying to View Hosts for VMware Provider
1584187 – CPU Utilization report graph shows dates on x axis in random order
1584688 – refresh_target_for_ems is not running in one of our environments
1589834 – [RFE][XS-2] Add possibility to unregister a VM in RHV provider

6. Package List:

CloudForms Management Engine 5.8:

Source:
ansible-2.4.4.0-1.el7ae.src.rpm
cfme-5.8.4.5-1.el7cf.src.rpm
cfme-appliance-5.8.4.5-1.el7cf.src.rpm
cfme-gemset-5.8.4.5-1.el7cf.src.rpm
python-paramiko-2.1.1-4.el7.src.rpm
rh-ruby23-rubygem-json-2.1.0-1.el7cf.src.rpm

noarch:
ansible-2.4.4.0-1.el7ae.noarch.rpm
python-paramiko-2.1.1-4.el7.noarch.rpm
python-paramiko-doc-2.1.1-4.el7.noarch.rpm

x86_64:
ansible-tower-server-3.1.7-1.el7at.x86_64.rpm
ansible-tower-setup-3.1.7-1.el7at.x86_64.rpm
cfme-5.8.4.5-1.el7cf.x86_64.rpm
cfme-appliance-5.8.4.5-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm
cfme-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm
cfme-gemset-5.8.4.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-debuginfo-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-doc-2.1.0-1.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1101
https://access.redhat.com/security/cve/CVE-2018-1104
https://access.redhat.com/security/cve/CVE-2018-7750
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWzD5qtzjgjWX9erEAQiK2hAAhOtZS0+zGTCALFpG25I5MaBun1/3J/CQ
F54hMVV9Bn8DPlmoliZb1ilnVdjddTMGCtvh/vJhu0dK/sBUcg6ROLsz6krIwKHN
nW3DPVeQzYNpOg8zkHlaTZ/8kVggaWFjl12SVv2ax7eRjviSDnquExWydcy3T+y1
aqrKDPyKHis+yPM/GjlzUXOskJwok4E0vAjCEjslrShR/RoBuoggMguVGOjzk7ti
6UN7EgpjkSNNuazIueJFNxYnO7y6+4JQr94+aEsF+em2VXZh/7kS2apM8jC8Qatt
gTjVCWelv8IvqVeqrPeQokl0m08V6jhn92JpTx3Btj80cwFNfPfgbMBvX5Awc6S7
MJPXLVAjff1EsXDriQGxTZaMs8XqKZzYuLGEM1bVLtyZ4PxqAispljljo2Pt4RaR
ovwVjZDludnprc/6JoNdT0QpA/kK7Q+Z6YAp4ndRRSLbpt69iuTPEKq2t0LgY7WT
uy2mPTZ7G9s+V6VKlLecHYpaf1/SZp0l5/XmQ5Np0BMNBLq67/yxBkQVpl0Pyp0i
2VAahnenpQ1ReZsGISj7ijVonnh+J5f3tczs0pAhQ/kaYsBnMbxle6d8PXxzA5KR
VfCYDJMM1tYIUWEGjanpImOwKZ+P+nyISTm1eMAtSvgwGXHqM527LVlW/scEz6ye
zlTUMlF4Lis=
=Pbnm
—–END PGP SIGNATURE—–

—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce