Red Hat Product Errata RHSA-2016:1996 - Security Advisory
Issued: 2016-10-04
Updated: 2016-10-04

Synopsis

Important: CFME 4.1 bug fixes and enhancement update

Type/Severity

Security Advisory: Important

Topic

Updated cfme packages that fix one security issue, fix several bugs, and
add various enhancements are now available for Red Hat CloudForms 4.1.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control,
and automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails,
a model-view-controller (MVC) framework for web application
development. Action Pack implements the controller and the view
components.

  • An input validation flaw was found in the way CloudForms regular
    expressions were passed to the expression engine via the JSON API and the
    web-based UI. A user with the ability to view collections and filter them
    could use this flaw to execute arbitrary shell commands on the host with
    the privileges of the CloudForms process. (CVE-2016-7040)

This issue was discovered by Tim Wade (Red Hat).
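The following Ruby example is added here to illustrate the class of flaw described above; it is not CloudForms or ManageIQ source and does not reproduce the actual vulnerable code path. It assumes a filter operand that is meant to be a regular-expression literal such as "/^prod-/". The vulnerable form splices that operand into Ruby source and evaluates it, so an operand that carries extra statements runs them with the application's privileges (here the injected statement only appends to the hypothetical PROBE array, standing in for a shell command). The hardened form treats the operand as data: it accepts only a /body/flags literal and compiles it with Regexp.new, never handing user text to the Ruby parser.

```ruby
# Added illustration of the CVE-2016-7040 flaw class (user-controlled
# "regular expression" text evaluated as Ruby). Not ManageIQ code.

# Stand-in side effect for the "arbitrary shell command" an attacker
# would run (e.g. via system()); an assumption for this demonstration.
PROBE = []

# Vulnerable: the operand is expected to be a literal like "/^prod-/",
# but nothing enforces that, and the string goes straight to eval.
def vulnerable_match?(value, user_regexp)
  eval("#{value.inspect} =~ #{user_regexp}") ? true : false
end

# Hardened: accept only /body/flags, where body may contain any
# backslash-escaped character but never a bare "/", then compile it.
REGEXP_LITERAL = %r{\A/(?<body>(?:\\.|[^/\\])*)/(?<flags>[imx]*)\z}

def parse_user_regexp(user_regexp)
  m = REGEXP_LITERAL.match(user_regexp.to_s)
  raise ArgumentError, "not a regexp literal: #{user_regexp.inspect}" unless m
  opts = 0
  opts |= Regexp::IGNORECASE if m[:flags].include?("i")
  opts |= Regexp::MULTILINE  if m[:flags].include?("m")
  opts |= Regexp::EXTENDED   if m[:flags].include?("x")
  Regexp.new(m[:body], opts) # raises RegexpError on a malformed body
end

def safe_match?(value, user_regexp)
  !!(parse_user_regexp(user_regexp) =~ value.to_s)
end

if $PROGRAM_NAME == __FILE__
  payload = '/x/; PROBE << :pwned; /^prod-/' # constructed malicious operand
  vulnerable_match?("prod-1", payload)
  puts "vulnerable path ran injected code: #{PROBE.inspect}"
  begin
    safe_match?("prod-1", payload)
  rescue ArgumentError => e
    puts "hardened path rejected it: #{e.message}"
  end
end
```

The hardened version still lets a user supply an arbitrary pattern, so catastrophic backtracking (a ReDoS) remains possible; on Ruby 3.2 or later, setting Regexp.timeout or passing timeout: to Regexp.new bounds that cost.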

Additional Changes:

This update fixes bugs and adds various enhancements.
Documentation for these changes is available in the Release Notes linked
to in the References section.

All CFME users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat CloudForms 4.1 x86_64

Fixes

  • BZ - 1337552 - Common datastore across multiple vcenter causes inventory confusion for provisions
  • BZ - 1337577 - service requests don't show dynamic drop down selections
  • BZ - 1343517 - When using external auth and removing a user from all groups the user's groups are not updated and he is still able to log-in to CFME Web-UI
  • BZ - 1343717 - Openstack cloud provider - when using Keystone v3 domain for registration we need to ignore the projects that the user doesn't have access to
  • BZ - 1343719 - Provisioning from RHEVM 3.6 template loses template boot sequence
  • BZ - 1346953 - [RFE] Unable to set number_of_vms in non-generic service catalog items
  • BZ - 1346989 - [RFE] Keystone domains support
  • BZ - 1346990 - VM refreshes are failing but the message status from each of the EmsRefresh.refresh commands shows 'ok' in error
  • BZ - 1347278 - [RFE] - lifecycle button missing from cloud images
  • BZ - 1347330 - [ja_JP] Translations are missing in 'Compute'-'Clouds' menu and its sub menus
  • BZ - 1347692 - [ja_JP] Translation issues on cloud intelligence->chargeback->assignments page.
  • BZ - 1348631 - CPU Right Size recommendations only take into account CPU sockets, not cores per socket
  • BZ - 1348637 - [ja_JP] Translation issues observed on cloud intelligence->Reports->reports page.
  • BZ - 1348644 - [ja_JP] Translation issues on Services -> Requests page
  • BZ - 1348648 - [ja_JP] Translations are missing in Compute-Services menu
  • BZ - 1348649 - [ALL LANG] All contents are unlocalized under Control->Log.
  • BZ - 1349059 - [ja_JP] Translations are either misplaced or missing on Settings->Configuration->Settings
  • BZ - 1349423 - Dynamic Dropdown list of AWS instance Type for AWS GovCloud seems to be returning instance types that are not supported by AWS GovCloud
  • BZ - 1351332 - [RFE] [SDN] - No providers tags relations displayed in Topology
  • BZ - 1352016 - Missing policy button on some of the Network Manager Relationship pages
  • BZ - 1353291 - String interpolations must not be present in toolbar definitions
  • BZ - 1354503 - OSP refresh fails with Policy doesn't allow os_compute_api:os-availability-zone:detail to be performed.
  • BZ - 1357865 - RHEV VM Reconfigure: Set memory to a size smaller than guaranteed memory fail
  • BZ - 1358323 - In Networks menu should all names in plural
  • BZ - 1361175 - Error when canceling orchestration stack retirement form
  • BZ - 1361176 - [RFE] Chargeback of containers based on tags
  • BZ - 1361178 - Cannot Cancel Smart State Analysis of Container that is not completing -
  • BZ - 1361693 - Advanced search in workloads expression element "Registry" hides select bar for element type
  • BZ - 1362227 - Clicking on Reset button while editing a provider throws error message in UI for firefox browser
  • BZ - 1362627 - [RFE] Allow reporting relationship between OpenShift pods and the image they run
  • BZ - 1362631 - Maintain uniformity in dropdown values in japanese locale
  • BZ - 1362634 - Package/Application icon in CloudForms looks like Apple AppStore logo
  • BZ - 1362704 - Stack : Link " ManageIQ/Providers/Cloud Manager/Orchestration Stacks" shows "Page does not exists"
  • BZ - 1363753 - SSUI : All languages are not shown in SSUI login dropdown
  • BZ - 1363754 - [RFE] 'LDAP Group Look Up' string needs to changed to 'External auth Group Look Up' when auth mode is set to external(httpd)
  • BZ - 1363891 - Datastores: " ActionController::RoutingError " when clicking on reload button
  • BZ - 1364222 - Accessing the tags method of an MiqAeServiceLan object results in a NoMethodError exception
  • BZ - 1364501 - Customer reporting growth of sessions table to an enormous size and postgresql logs don't indicate any auto-vacuum activity is happening
  • BZ - 1366358 - SSUI: logo not displayed on login screen
  • BZ - 1366596 - Container SSA results are aggregated instead of updated
  • BZ - 1366597 - unable to tag datastores via rest api or UI
  • BZ - 1366598 - Failed container scanning job does not timeout
  • BZ - 1366599 - Image List shows "Unknown image source" for images
  • BZ - 1368165 - Start date for report schedule is set to tomorrow
  • BZ - 1368167 - Service provisioning messages overlapped in self service ui
  • BZ - 1368168 - Editing RHEVM has default API Port 5000 in UI even though no port was set when creating
  • BZ - 1368170 - GCE instance was retired, but was not power off
  • BZ - 1369583 - [Configuration management Jobs] - Wrong title of downloaded files
  • BZ - 1370196 - LDAP group lookup fails with json UTF conversion errors
  • BZ - 1370198 - Cloud tenant and AZ from overcloud show up in undercloud relationships
  • BZ - 1370202 - page doesn't exist after session timeout on provider timeline page
  • BZ - 1370208 - Unable to authenticate to RHEV provider after migration from cfme-5.4.4.2 (3.2) to cfme-5.6.0.13 (4.1)
  • BZ - 1370209 - Request to restore diagnostic functionality critical to support (ie, current appliance settings) removed in the CFME 4.1
  • BZ - 1370211 - Azure: undefined method `downcase'
  • BZ - 1370216 - Azure provider fails EMS refresh
  • BZ - 1370309 - missing rights to show AWS security groups caused null
  • BZ - 1370310 - add support for secondary fixed IP addresses for AWS ENI interfaces
  • BZ - 1370476 - No html Id's defined for the bootstrap switches in manage quota form
  • BZ - 1370478 - "unexpected token at ..." error when validating Tower which returns internal server error 500
  • BZ - 1370480 - Incorrect name is used for default Azure provider during discovery
  • BZ - 1370481 - Catalog item becomes corrupt after removing template it was using
  • BZ - 1370488 - Changing default instance_name in custom button from "Automation" to "Request"
  • BZ - 1370568 - METHOD:: does not accept a full path to a method
  • BZ - 1370569 - VMware folder support showing more than just folders
  • BZ - 1370574 - Errno::ETIMEDOUT: Connection timed out on Azure at gallery.azure.com
  • BZ - 1370575 - Region description doesn't change
  • BZ - 1370586 - Multi-rate chargeback report can not be queued.
  • BZ - 1371174 - After adding generic/orchestration catalog item infinispinner and 502 error(appliance crashed)
  • BZ - 1371267 - Unable to get to Topology link in breadcrumb trail on Network Manager entities page
  • BZ - 1371268 - [RFE] Add Global filters for RHEV block datastores
  • BZ - 1371269 - C&U collection tab can sometimes be blank
  • BZ - 1371270 - Cloud network manager availability zones back button redirects me to cloud provider
  • BZ - 1371272 - unable to use {nil => "<default>"} with self provisioning when selecting dialog_tenant_name
  • BZ - 1371311 - [Ansible Tower] Provider cannot be removed when selected from accordion tree
  • BZ - 1371640 - [RFE] Create AWS EC2 appliance
  • BZ - 1371666 - [ja_JP, zh_CN] Need to translate the title and tool-tips on Control -> Log page.
  • BZ - 1371668 - [ja_JP, zh_CN] Need to translate drop-down config. menu options on Compute -> Containers -> Providers
  • BZ - 1371669 - [ja_JP, zh_CN] Need to translate menu options under configuration on Networks -> providers.
  • BZ - 1371670 - [ja_JP, zh_CN] Need to translate drop-down options and some strings on Optimize -> Planning page.
  • BZ - 1371671 - [ja_JP, zh_CN] Need to translate strings on Automate -> Requests page
  • BZ - 1371979 - Error:undefined method `size' for nil:NilClass when clicked on cloud provider after deleting network manager
  • BZ - 1371980 - Automation Method Error When Accessing 'host'/'hosts' From a Switch
  • BZ - 1371981 - Type Template/VM filter under VMs is useless
  • BZ - 1372413 - UI: Inconsistent behavior when adding duplicate provider; infra provider X configuration manager
  • BZ - 1372775 - Refresh Configuration Management Provider does not work when selected from the explorer tree
  • BZ - 1372801 - Add ability to swap the default threaded puma web server for thin
  • BZ - 1374377 - [RFE] Reporting on OpenShift Custom Labels
  • BZ - 1374420 - multiple ip address for the same network_port_id for openStack provider
  • BZ - 1374423 - Select button options " By Infrastructure providers" and "All VMs" should be renamed
  • BZ - 1374450 - Compliance check history isn't shown if compliance policy is unconditional
  • BZ - 1374695 - Multi-tenancy - tenant name not renamed in Set group ownership dropdown menu
  • BZ - 1374696 - Adding rhevm infrastructure provider and filling in bad IP bad user/pass error
  • BZ - 1374815 - Error on Azure Cloud Discovery: wrong number of arguments
  • BZ - 1375205 - SSUI displays "null" for azure resource group or fails if <new resource group> is selected
  • BZ - 1375311 - validate_request for cloud does not include support for flavors
  • BZ - 1375326 - Providers quick search should have searched string in brackets next to the title like all other pages
  • BZ - 1375330 - Azure provisioning missing pre and post methods.
  • BZ - 1375343 - Upgrade azure-armrest to 0.2.9.
  • BZ - 1376010 - Amazon Image details doesn't open
  • BZ - 1376130 - Utilization tree remembers selected node
  • BZ - 1376132 - :cold_sweat: Don't include AvailabilityMixin into Object, that's really bad
  • BZ - 1376137 - Fix report scheduler timer_types
  • BZ - 1376138 - Change column type of cpu_cores_used_cost in reports to currency
  • BZ - 1376139 - Fixed port_scan.rb file and related changes
  • BZ - 1376140 - Memoize image_path helper in build_tags_tree
  • BZ - 1376141 - Add single select false to guest access pair options on EC2
  • BZ - 1376143 - Move _('locale_name') to Vmdb::FastGettextHelper
  • BZ - 1376144 - ChargebackContainerProject - Filter project by tag
  • BZ - 1376146 - Discrepancy in objects count in Containers Overview following Provider overview
  • BZ - 1376147 - Re-check Authentication button for Providers in the GTL view
  • BZ - 1376150 - Fix the toolbar button tooltip for Providers in GTL view
  • BZ - 1376151 - Container Chargeback report: Rate Range by Project
  • BZ - 1376153 - Update x1.32xlarge to enhanced and clustered networking.
  • BZ - 1376154 - Replace corrupted PNGs
  • BZ - 1376155 - cap&u dont puke when _debug
  • BZ - 1376157 - SSUI : language : Shopping cart validation message needs to switch language when one is selected
  • BZ - 1376158 - Update gettext catalogs from Zanata
  • BZ - 1376159 - Use Rails version 5.0.0.1 or higher
  • BZ - 1376160 - Relationships filter_by_resource_type scope
  • BZ - 1376161 - Azure - Enhanced C&U support
  • BZ - 1376162 - Azure cache
  • BZ - 1376163 - Move join region logic into a rake task
  • BZ - 1376164 - recent version of draper gem
  • BZ - 1376165 - Changing default instance_name in custom button from "Automation" to "Request"
  • BZ - 1376167 - Reworked building VMware nested datacenter folders in factory girl
  • BZ - 1376168 - Fix Caching Issues for MiqDiskCache Module
  • BZ - 1376169 - Show provider status color by bearer type authentication on container topology
  • BZ - 1376170 - Multi endpoints dialog message
  • BZ - 1376171 - Update required ovirt_metrics version
  • BZ - 1376172 - BAT Handling in Checkpoint Disks Issues
  • BZ - 1376173 - With the updated net-ldap 0.14.0, Net::LDAP:LdapError is no longer used.
  • BZ - 1376174 - Make connection_configuration respect the default authentication type
  • BZ - 1376175 - ArVirtual - Ownership uses virtual attributes / delegates
  • BZ - 1376176 - Modify Azure Runner to use existing EMS
  • BZ - 1376177 - Take 2: Speed up "VMs & Instances in My LDAP Group" filter in /vm_or_template/explorer
  • BZ - 1376178 - Allow more than one iso datastore per type of EMS
  • BZ - 1376513 - Unexpected error when clicked on service request
  • BZ - 1376520 - service template provision tasks failing in check provision method
  • BZ - 1376528 - [RHV 4.0] Provision VM ends up with "Validating New Vm" endless retries
  • BZ - 1376557 - Clicking Automate triggers an error.
  • BZ - 1376574 - Azure Enterprise Agreement subscriptions not catching events
  • BZ - 1377416 - Unknown Error while refreshing Azure
  • BZ - 1377420 - [ja_JP, zh_CN] User login credentials verification fail message is not localized

CVEs

  • CVE-2016-7040

References

  • https://access.redhat.com/security/updates/classification/#important

Red Hat CloudForms 4.1

SRPM
cfme-5.6.2.1-1.el7cf.src.rpm SHA-256: bc44d158abc61656e0cb91a60f27f960d3bc133f8a2878b68b6e97e797ea22d8
cfme-appliance-5.6.2.1-1.el7cf.src.rpm SHA-256: aeb5b894d50215e58099d3e9077bfe929a613344be4372f9cd590a98e5db724c
cfme-gemset-5.6.2.1-1.el7cf.src.rpm SHA-256: d31a74dd4512d28b19f878d0089cb6b5205eb38b0f7a91e0eaeb08efaa0f5432
rh-ruby22-rubygem-nokogiri-1.6.8-1.el7cf.src.rpm SHA-256: 359c25623c2ac3c8a1a3b67237f7b234b6b585e1f6393ce9512b7438d1d3704f
rh-ruby22-rubygem-pkg-config-1.1.7-1.el7cf.src.rpm SHA-256: c7185f33d1479f4ca2c7828b3dad2787b6051f8cf7d91127ec889bed8c20abb8
rh-ruby22-rubygem-thin-1.7.0-1.el7cf.src.rpm SHA-256: 3c49e958de179d6f6a970601a34e5c8a4b1c048398221eb2911b438feec68333
x86_64
cfme-5.6.2.1-1.el7cf.x86_64.rpm SHA-256: 184a87fe0a7115bae4ba47602d568d64a60d45ca5997b5b4499f26d5faf3feaf
cfme-appliance-5.6.2.1-1.el7cf.x86_64.rpm SHA-256: a9df3744fb333988ee6020dbe8c899ebb09a8da4e312dc0c51bc9e4d67559de3
cfme-appliance-debuginfo-5.6.2.1-1.el7cf.x86_64.rpm SHA-256: 2555b884086a5417ac41704e682aca8d9915cb708f77a56c4b752bbf397fa777
cfme-debuginfo-5.6.2.1-1.el7cf.x86_64.rpm SHA-256: 2a4497d65a1f114311b64b6baef7bae82aea39d5f507a2cf4ce9165db4964559
cfme-gemset-5.6.2.1-1.el7cf.x86_64.rpm SHA-256: 449d34f8aae1cd858bf360f5e7ad14c6e48971a6d89fcea499deeab4b3e0c6be
rh-ruby22-rubygem-nokogiri-1.6.8-1.el7cf.x86_64.rpm SHA-256: d1b263246254921445b4fe514d16d4b0b33b4d2f6044a09d21aefd11c3266cd8
rh-ruby22-rubygem-nokogiri-debuginfo-1.6.8-1.el7cf.x86_64.rpm SHA-256: 95483dabf104eaccf26494d35f8875352c5fbe6c5479926e453d4b24f804f4f0
rh-ruby22-rubygem-pkg-config-1.1.7-1.el7cf.noarch.rpm SHA-256: 288a31b71ad41c60c68b97249ad5e32f220eb501a39babb2751446c92614cf8f
rh-ruby22-rubygem-pkg-config-doc-1.1.7-1.el7cf.noarch.rpm SHA-256: 1f69fe30fcf771f39aff88cb7c782b45e4ff711cd7c86fe80997e8f70979a556
rh-ruby22-rubygem-thin-1.7.0-1.el7cf.x86_64.rpm SHA-256: 60dd1b5a87bd59e6f2d8901d5304a6735cdec35062f8ebb76ea273b6f800a4c0
rh-ruby22-rubygem-thin-debuginfo-1.7.0-1.el7cf.x86_64.rpm SHA-256: bc2785e3ca5f8bd304cc67eda320afa749249e2e2184684e8efbee96171ca83e
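The Solution section says to apply the update; the package list above gives the fixed builds and their digests. The Ruby example below is added here and is not part of the advisory or of CloudForms: it reimplements the RPM version-comparison rules (rpmvercmp) to decide whether an installed name-version-release, such as the output of `rpm -q cfme`, is at or above the fixed build, and computes the SHA-256 of downloaded bytes for comparison against the digests listed above. The installed NVRs in the sample run are constructed, and the 5.6.0.13 build is taken from BZ 1370208 rather than from any real system.

```ruby
require "digest"

# Added example: check an installed NVR against the fixed builds in
# RHSA-2016:1996 using rpmvercmp-style comparison. Not Red Hat tooling.

# Fixed builds listed in this advisory (binary packages).
FIXED_NVRS = %w[
  cfme-5.6.2.1-1.el7cf
  cfme-appliance-5.6.2.1-1.el7cf
  cfme-gemset-5.6.2.1-1.el7cf
  rh-ruby22-rubygem-nokogiri-1.6.8-1.el7cf
  rh-ruby22-rubygem-pkg-config-1.1.7-1.el7cf
  rh-ruby22-rubygem-thin-1.7.0-1.el7cf
].freeze

# Compare two version or release strings as rpmvercmp does: split into
# numeric and alphabetic runs; numeric runs compare as integers, alpha
# runs lexically, numeric beats alpha, and a tilde sorts before anything
# (even end of string, which is how pre-releases are ordered).
def rpmvercmp(a, b)
  return 0 if a == b
  ta = a.scan(/\d+|[A-Za-z]+|~/)
  tb = b.scan(/\d+|[A-Za-z]+|~/)
  loop do
    x = ta.shift
    y = tb.shift
    return 0 if x.nil? && y.nil?
    if x == "~" || y == "~"
      next if x == "~" && y == "~"
      return x == "~" ? -1 : 1
    end
    return -1 if x.nil?
    return 1 if y.nil?
    x_num = x.match?(/\A\d/)
    y_num = y.match?(/\A\d/)
    c = if x_num && y_num then x.to_i <=> y.to_i
        elsif x_num then 1
        elsif y_num then -1
        else x <=> y
        end
    return c unless c.zero?
  end
end

# Split "name-version-release" (or "name-epoch:version-release").
def parse_nvr(nvr)
  m = /\A(?<name>.+)-(?<ver>[^-]+)-(?<rel>[^-]+)\z/.match(nvr)
  raise ArgumentError, "not NAME-VERSION-RELEASE: #{nvr.inspect}" unless m
  epoch, version = m[:ver].include?(":") ? m[:ver].split(":", 2) : ["0", m[:ver]]
  { name: m[:name], epoch: epoch.to_i, version: version, release: m[:rel] }
end

# Epoch first, then version, then release, exactly as rpm orders EVRs.
def evr_cmp(a, b)
  c = a[:epoch] <=> b[:epoch]
  c = rpmvercmp(a[:version], b[:version]) if c.zero?
  c = rpmvercmp(a[:release], b[:release]) if c.zero?
  c
end

# true when the installed build is the advisory's fixed build or newer.
def fixed_by_advisory?(installed_nvr, fixed_nvrs = FIXED_NVRS)
  inst = parse_nvr(installed_nvr)
  fixed = fixed_nvrs.map { |n| parse_nvr(n) }.find { |f| f[:name] == inst[:name] }
  raise ArgumentError, "#{inst[:name]} is not covered by this advisory" unless fixed
  evr_cmp(inst, fixed) >= 0
end

# Hex SHA-256 of a byte string, for comparison with the digests above
# (read a downloaded RPM with File.binread before calling this).
def sha256_hex(bytes)
  Digest::SHA256.hexdigest(bytes)
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample NVRs standing in for `rpm -q cfme cfme-appliance` output.
  %w[cfme-5.6.0.13-1.el7cf cfme-5.6.2.1-1.el7cf cfme-appliance-5.6.2.1-1.el7cf].each do |nvr|
    puts "#{nvr}: #{fixed_by_advisory?(nvr) ? 'fixed' : 'VULNERABLE'}"
  end
end
```

A digest match only proves the file is the one Red Hat published; the GPG signature check that rpm performs on install is what ties it to Red Hat, so do not skip that step when installing by hand.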

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
