Show Table of Contents
Chapter 2. Release Information
2.1. Insights Release, January 2018
2.1.1. Release Notes
Features added with the current release include:
Red Hat Insights UI fullscreen - The team has given Red Hat Insights a new, full-screen layout, improving the usability and aesthetics of the UI while keeping the core Red Hat Insights functionality accessible.
Webhooks functionality - Red Hat Insights webhooks integrate with a user’s own tooling to enable an event-driven monitoring strategy that alerts when a system changes. This can free administrators from having to routinely check-in to Red Hat Insights to get that information. To learn more, refer to the KCS article, Understanding Red Hat Insights - Webhooks Integration.
2.1.2. Enhancements
Recent rules widget and filters - Stay informed of the latest rules we’ve added to our service with the Recent Rules widget located at the bottom of the Overview page.
Additional filtering has been added to the rules page to highlight these new rules.
- CI/CD example: Red Hat Insights with Jenkins - Building on the CI/CD functionality of the September 2017 release, the Red Hat Insights team invites you to learn more about using Red Hat Insights with Jenkins in Continuous Integration with Insights Examples.
- Webhooks example: Red Hat Insights with Slack - This Slack bot tutorial builds a Red Hat Insights webhook with a Slack bot to get notifications of system events.
2.1.3. Rules Added
The following rules were added to Insights in this development period:
- Information disclosure vulnerability in BlueZ via crafted SDP requests (CVE-2017-1000250)
- Kernel with loaded modules vulnerable to remote code execution via Bluetooth stack (CVE-2017-1000251/Blueborne)
- Kernel with loaded modules vulnerable to denial of service via Bluetooth stack (CVE-2017-1000251/Blueborne)
- Kernel vulnerable to remote code execution via Bluetooth stack (CVE-2017-1000251/Blueborne)
- Kernel vulnerable to denial of service via Bluetooth stack (CVE-2017-1000251/Blueborne)
- Master controller fails to start when changes are made to the SDN plugin if there are headless services in the cluster
- Failure to start VDSM when network interfaces are misconfigured in RHV
- Kernel is vulnerable to memory corruption or local privilege escalation (CVE-2017-1000253)
- Dnsmasq vulnerable to remote code execution via crafted DNS requests (CVE-2017-14491)
- Dnsmasq with listening processes vulnerable to remote code execution via crafted DNS requests (CVE-2017-14491)
- System lockups possible when abnormal VPD data returned from HBA
- Failure to retrieve information from ESX hypervisors due to running unpatched virt-who on Satellite 6.
- OpenStack environment is down due to an infinite loop between Gnocchi and Swift
- Network performance degradation when networking parameters are not properly tuned
- Network connectivity loss for large TCP stream protocols when using affected bonding/teaming mode
- wpa_supplicant with active WiFi is vulnerable to man-in-the-middle attack via crafted WPA2 frames (CVE-2017-13077)
- Unexpected behavior in command-line tools and 3rd party software when user or group names are numeric
- System lockup occurs when using netconsole over a bonding interface with ALB/TLB mode
- Java applications will be unavailable when G1 GC is used due to native memory leak
- The httpd service will become unavailable when it exceeds the configured nproc limits
- Slow restarts for httpd when the StartServers parameter is set to a large value
- Live migration fails when security_driver is set to none on OSP compute nodes
- VM migration failure when incompatible filters are used in nova.conf as scheduler_default_filters
- DNS resolution fails within an OpenShift Pod when DNS server address is set incorrectly
- Samba authentication fails when krb5.keytab kvno version does not match secrets.tdb
- Disk space may be exceeded when soft deleted rows are not purged from Nova database
- Kickstart profile page inaccessible in the Satellite web UI due to incorrect configuration.
- Boot failure when root PV is filtered out
- Suboptimal performance when the start/end values of the net.ipv4.ip_local_port_range tunable have the same parity
- Kernel vulnerable to memory corruption via permission bypass (CVE-2017-1000405)
- Compromised system by Linux/Ebury 1.6 malware - modified library
- Compromised system by Linux/Ebury 1.6 malware - suspicious library location
- Remote code execution vulnerability in NSS via crafted base64 data (CVE-2017-5461)
- Satellite 5 does not work as expected when the database schema is not upgraded during system package update
- Startup failure for AWT java applications when invalid fonts are installed
- Filesystem corruption when using unsupported journal modes
- Failure of critical Satellite services when the available disk space of Satellite partitions is too low
- Performance degradation in httpd due to incorrect MaxClients/MaxRequestWorkers configurations
- The httpd service hangs when the maximum number of connections reaches the value of ServerLimit and the limit of cpu cores is exceeded
- Tomcat vulnerable to information disclosure when using VirtualDirContext (CVE-2017-12616)
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.