RHSA-2018:1328 - Security Advisory

Topic

An update is now available for CloudForms Management Engine 5.9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

• python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)
• ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges (CVE-2018-1101)

Red Hat would like to thank Graham Mainwaring of Red Hat for reporting CVE-2018-1101.

• ansible-tower: Remote code execution by users with access to define variables in job templates (CVE-2018-1104)

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat CloudForms 4.6 x86_64

Fixes

• BZ - 1495849 - [ALL_LANG] VM or Template comparison screen has untranslated entries.
• BZ - 1510499 - With RHV Graph refresh template numbers in Provider inventory does not get updated correctly.
• BZ - 1526086 - [ALL_LANG] Compute - Containers - Container Builds page has missing translations
• BZ - 1526088 - [ALL_LANG] Compute - Containers - Pods page has missing translations
• BZ - 1530680 - xClarity: EvmRole-operator unable to view physical server summary page
• BZ - 1530760 - [ALL_LANG] Control - Explorer - Policy Profiles - All Policy Profiles : 'Policy' is not localized
• BZ - 1533220 - [ALL_LANG] Control - Explorer - Actions - All Actions - Configure - Add a new Action : 'Action Type' drop-down menu has untranslated entries
• BZ - 1533233 - On Tag Assignment page Category has other Tags than preconfigured for it
• BZ - 1533515 - [ALL_LANG] User Icon - Configuration - Access Control - Roles : Add new Role has untranslated entries
• BZ - 1538094 - [ALL_LANG] User Icon - Tasks : untranslated entry
• BZ - 1538100 - [ALL_LANG] User Icon - Configuration - Settings - CFME Region: Region xx[xx] has untranslated entry
• BZ - 1549625 - webui updates failing when a proxy is required
• BZ - 1549722 - WebUI: Tool tip displays html code while setting the ownership for multiple vm's
• BZ - 1550728 - Replication configuration page does not open when child database is down
• BZ - 1550730 - [Ansible Embedded] - Embedded Ansible cannot be enabled on IPv6 only appliance
• BZ - 1550736 - unable to view quotas without manage quota permissoin being enabled in 5.8.2
• BZ - 1551692 - internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
• BZ - 1551696 - Colons are unhandled in BaseModel key generation in AzureArmrest
• BZ - 1551698 - Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
• BZ - 1551703 - RHOS: Unable to delete cloud tenant
• BZ - 1552266 - Duplicated choice exist in new alerts view
• BZ - 1552269 - Network router type string contains ManageIQ path
• BZ - 1552278 - Authentication issue for checking status of Task API via EvmRole_administrator privileged User
• BZ - 1552282 - [RFE] Make Automation State Machine Log Lines Uniform
• BZ - 1552288 - [RFE] Metrics for memory usage of AWS instances is missing from C&U
• BZ - 1552290 - AWS Smartstate Does Not Fail Gracefully if AMI To run Analysis Agent is Unavailable
• BZ - 1552301 - Azure Template to service Dialog conversion issue
• BZ - 1552303 - [Azure]Provision Multiple VMs with Public IP selection options
• BZ - 1552305 - GCE Region is useless in GCE Provider
• BZ - 1552323 - xClarity: server-host relationship to hosts managed by RHEV-M provider not created.
• BZ - 1552334 - Nuage provider name is always displayed as " Network Manager" on GUI
• BZ - 1552335 - EventCatcher is not restarted when Nuage provider is updated
• BZ - 1552671 - [RFE][XS-2] Add possibility to unregister a VM in RHV provider
• BZ - 1552673 - Cloudforms doesn't show IP of vms on vCloud provider
• BZ - 1552677 - VM does not have deletion event on its own timeline on vsphere55
• BZ - 1552704 - Default Docker Labels for Labeled Images in Chargeback Assignments
• BZ - 1552707 - Wrong error displayed when trying to add a group without a name
• BZ - 1552723 - Can't Manage Report Menu Accordions and Folders
• BZ - 1552735 - Filters not working properly in config mgmt configured systems
• BZ - 1552737 - UI: Broken bootstrapswitch design in custom button option of generic object
• BZ - 1552739 - [RFE] Expose Infra provider networks (RHOS) in host/node details
• BZ - 1552740 - [ALL_LANG] User Icon - Configuration - Settings - Schedules : Add a new Schedule page has untranslated entries
• BZ - 1552741 - Can't remove multiple instances or methods in UI.
• BZ - 1552743 - ui: Tabs switched When changing the System/Process type on add new button page
• BZ - 1552746 - typo in provider summary page: metrics type Hakular --> Hawkular
• BZ - 1552748 - [Embedded Ansible] Notification typo
• BZ - 1552753 - CFME Log lines in Diagnostics are divided into multiple lines
• BZ - 1552762 - Error when applying a filter in My Services from Adv search
• BZ - 1552763 - Remove Chargeback Rates field for Metering reports
• BZ - 1552776 - Auth MIQLDAP AD - miqldap_to_sssd conversion fails for ldap.
• BZ - 1552782 - Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
• BZ - 1552783 - Unable to add playbook repos after webui update
• BZ - 1552785 - Auth MIQLDAP AD - Users can't log in to console after miqldap_to_sssd conversion
• BZ - 1552790 - Validating credentials for replication throws error if pglogical schema not created
• BZ - 1552791 - miqldap_to_sssd help message is incorrect
• BZ - 1552792 - Auth External Auth SAML - Users with custom groups with special chars can't log in.
• BZ - 1552794 - A control alert for real time performance of a VM and Instance is not firing
• BZ - 1552796 - [RFE] Chargeback reports for OpenStack tenants
• BZ - 1552798 - [Providers] - Instances not linked after provider removal/addition
• BZ - 1552800 - Retirement requester is not passed down correctly to automate
• BZ - 1552801 - RBAC doesn't work for notifications
• BZ - 1552802 - No notification for failed registration
• BZ - 1552804 - configure_server_settings.rb changes numeric values to strings, causing failures when other code is expecting integers
• BZ - 1552809 - [RFE] Support RestAPI Primary Collection for Containers (object)
• BZ - 1552817 - SUI doesn't display costs for SCVMM services
• BZ - 1552824 - Can Add Duplicate Custom Attributes on OpenShift Provider Via the API
• BZ - 1552826 - internal server error when cloud_networks, cloud_subnets or security_groups subcolls requested on RHEVM
• BZ - 1552828 - internal server error when accessing attributes of the "picture" resource
• BZ - 1552838 - Targeted folder refresh doesn't work on VMware
• BZ - 1552842 - Customize vApp template prior provisioning (VMware vCloud Provider)
• BZ - 1552873 - RBAC Users can be removed from all associated groups after the webui shows the error "A User must be assigned to a Group"
• BZ - 1552879 - Tagging broken in Datastores and My Services page
• BZ - 1552880 - [RFE] There is no any indication in replication subscription screen for not accessible remote node
• BZ - 1552882 - The quad-icon tile for an OpenShift provider shows an exclamation mark, but a mouseover shows "Refresh Status: Success"
• BZ - 1552884 - Cursor on password field instead of username when we enter incorrect login details
• BZ - 1552886 - Unwanted comma in disk type string for Azure instances
• BZ - 1552889 - containers: identical volume name for different volumes in different pods is not useful for users (at least not admin)
• BZ - 1552890 - Tagging: Edit tags page doesn't open for network list items navigated through parent details page
• BZ - 1552895 - Error updating Nuage provider
• BZ - 1552900 - Title does not update when searching text in Datastores and other pages
• BZ - 1552903 - Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
• BZ - 1552904 - The accordion folds after adding a schedule
• BZ - 1552908 - Add button is not responsive on Role add page
• BZ - 1553191 - Timelines: Throws an error while trying to access Cloud Intel/Timelines
• BZ - 1553197 - Configuration -> Red Hat Updates tab does not list all required repositories
• BZ - 1553214 - JavaScript-UI: Wrong behavior of `display on button` checkbox while editing custom group form
• BZ - 1553224 - Set Ownership can not be changed back to default
• BZ - 1553241 - Container add provider empty flash message when not catch UI exception
• BZ - 1553242 - Tag: All Catalog Items are listed in resource dropdown while creating Catalog Bundle using restricted user
• BZ - 1553243 - Save button isn't activated when date is removed in VM "Set/Remove retirement date"
• BZ - 1553244 - [QEDevCollab] Components in 'Add button group' form causing test automation failures
• BZ - 1553251 - Chargeback Rates page title incorrect after deleting rate
• BZ - 1553288 - Flash message icon is not correct Bottlenecks page
• BZ - 1553295 - Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
• BZ - 1553304 - Evacuate Host failed
• BZ - 1553307 - Undefined method `vmm_version' for nil:NilClass on VM summary screen
• BZ - 1553309 - [RFE] Generic objects not displayed
• BZ - 1553311 - Wrong 'Fixed IPs' font size while adding a router with external gateway
• BZ - 1553315 - C & U Collection settings in configuration page improper styling
• BZ - 1553316 - On schedules pages is shown pagination from analysis profiles
• BZ - 1553317 - Broken footer in alerts
• BZ - 1553319 - [RFE][S-3] UI displays disabled domains for a instance's domain priority
• BZ - 1553322 - audit.log should not contain translated messages
• BZ - 1553323 - Adding Interface to Router with user in Tenant show all Subnets and not only the Tenant's Subnet
• BZ - 1553326 - Switch icon is missed on tag assignment page
• BZ - 1553327 - Stack Outputs icon is not displayed
• BZ - 1553329 - Using webmks console one cannot type correctly the password when it contains special characters
• BZ - 1553336 - Default view settings fails for service catalogs
• BZ - 1553340 - [CONDITION] When we leave description blank, there are two identical flash messages.
• BZ - 1553345 - Openstack infra provider dashboard should not appear for an openstack infra provider
• BZ - 1553362 - Add miqssh utilities
• BZ - 1553384 - [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
• BZ - 1553389 - VMware vCloud Provider's VM is only partially stopped/suspended
• BZ - 1553392 - EvmRole-auditor can perform actions on VM
• BZ - 1553393 - [RFE] Add RBAC and Tagging Support to Ansible Credentials.
• BZ - 1553396 - [RFE] Add RBAC and Tagging Support to Ansible Repos
• BZ - 1553397 - Error while checking that migrations are up to date
• BZ - 1553399 - Normalize text for operational alerts
• BZ - 1553480 - SUI : Clicking any link on dashboard does not change the navigation in left side
• BZ - 1553482 - Kebab menu appearing differently on service page and resource detail pages
• BZ - 1553483 - Kebab menu changes structure after 30 seconds in SSUI resource detail page
• BZ - 1553768 - [RFE] Add RBAC and Tagging Support to Ansible Playbooks
• BZ - 1553776 - Role inconsistency with privileges when creating reports and setting chargeback filters
• BZ - 1553779 - Restricted user can see all group and users
• BZ - 1553780 - notifications do not get cleared from the notification table
• BZ - 1553789 - Unable to add tag for configuration provider from 'All Rad Hat Satellites Providers'
• BZ - 1553791 - xClarity: Physical server summary page download as PDF button not supported
• BZ - 1553836 - Visibility expression does not evaluated correctly on custom buttons for Generic Object
• BZ - 1553873 - Missing Datastore Images
• BZ - 1553903 - [Regression] Backup/restore failing on appliances using pglogical
• BZ - 1554358 - Graph refresh should not be used for rhv36 providers
• BZ - 1554370 - Wrong breadcrumb link on order screen
• BZ - 1554454 - Adding a physical provider shows as infrastructure provider (text change)
• BZ - 1554532 - Schedule report fails to send mail when report is not empty
• BZ - 1554541 - Long time to refresh network provider on OpenStack
• BZ - 1554823 - Infinite spinner on Edit Playbook Reset button
• BZ - 1554825 - NTP server details doesn't show in UI after adding a new zone
• BZ - 1554832 - Automatic placement causes cloud tenant to not be selectable
• BZ - 1554839 - Policy simulation results are not displayed
• BZ - 1554889 - OpenStack Cinder Storage provider detail does not have link to Volume Backups
• BZ - 1554898 - when deleting an archived node using configure > remove a unknown method error is raised
• BZ - 1554901 - Missing Guest OS in dashboard reports in Openstack
• BZ - 1557130 - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
• BZ - 1557353 - Adding a network router via CloudForms the router is not seen by CloudForms
• BZ - 1557361 - [RFE][XS-2]Cloudforms does not show node hostname, only GUID for OpenStack Infrastructure Provider
• BZ - 1557367 - Request not required when adding Schedule
• BZ - 1557378 - [UI] There is no indication of cloud network delete operation
• BZ - 1557380 - Tagging: Edit tags page doesn't open for images opened from provider summary page
• BZ - 1557388 - Inconsistent capitalization of 'CPU' when creating chargeback rate
• BZ - 1557391 - Physical Infrastructure provider quadicons doesn't support single view
• BZ - 1557400 - Physical server quadicon switch under My Settings doesn't respect RBAC rules
• BZ - 1558030 - internal server error when accessing the "policy_events" attribute of the "vms" resource
• BZ - 1558038 - AWS flavor list is out of date
• BZ - 1558040 - Not able to scan instances in AWS
• BZ - 1558046 - OpenStack - Include Provider Error Message in MiqProvisionFailure
• BZ - 1558048 - Provision fails if no Subnet assigned not Cloud Network
• BZ - 1558078 - [RFE][M-5] Targeted Refresh for Azure Provider
• BZ - 1558092 - Dropdown to delete a "not responding" server is missing
• BZ - 1558142 - Network provider quadicons doesn't support single view
• BZ - 1558144 - UI inconsistency - Size Unit title missing when adding a new disk
• BZ - 1558544 - Creating buttons under the Datastore objects do not appear on Datastore Details Pages
• BZ - 1558594 - No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
• BZ - 1558610 - Images from the webmks css causes CSP errors in browser console
• BZ - 1558621 - RedHat domain can be edited/deleted
• BZ - 1558626 - PG::InvalidTableDefinition: ERROR: cannot alter inherited column "resource_type
• BZ - 1559475 - CUI returning empty array when dialog without associations is saved
• BZ - 1559479 - [RFE] Add RHV Credential to Ansible Automation Inside
• BZ - 1559483 - CUI doesn't check dialog field associations
• BZ - 1559543 - [RFE] Metering Reports should provide Hours of Existence & Start and end time of VMs, Projects and Images
• BZ - 1559544 - [RFE] Collect Container Project Quota Historical data in Project Roll-up
• BZ - 1559550 - Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
• BZ - 1559552 - Api::ServiceCatalogsController timeout error in multi-regional environment
• BZ - 1559609 - Amazon agent deployment has to choose the VPC which has attached gateway configuration
• BZ - 1559624 - Graph refresh does not fetch custom attributes
• BZ - 1560004 - [RFE] SCVMM provider refresh error message issue if provider user doesn't have access to VMM service
• BZ - 1560096 - Error occurs when trying to edit a catalog item
• BZ - 1560098 - Outgoing SMTP E-mail Server settings not saved on first attempt
• BZ - 1560100 - Total matches of Ems Cluster roles showing wrong count
• BZ - 1560104 - Automate Schedule: "Starting time" field saves nonsense.
• BZ - 1560692 - Stop CF pestering OpenStack for Swift status when there is no Swift.
• BZ - 1560699 - Consolidated RefreshWorkers may cause job starvation
• BZ - 1560703 - Refresh is broken for ec2 when get_public_images is set to true
• BZ - 1560708 - My Company(All EVM Groups) filter missing from reports schedule
• BZ - 1561076 - Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
• BZ - 1561079 - [Regression]Error with report policy event for the last 7 days
• BZ - 1561085 - [RFE] Azure Network router not displayed on CFMe
• BZ - 1561091 - List view displayed instead of grid on Manage Policies screen
• BZ - 1561096 - Default selected tag name / value mismatch when assigning tags
• BZ - 1561107 - ERROR -- : AnsibleTowerClient::Middleware::RaiseTowerError Response Body: {"detail"=>["'username' is not a valid field for Vault"]}
• BZ - 1561216 - Failure to refresh on OpenStack provider when Fog::Storage::OpenStack::File object has nil body attribute
• BZ - 1561218 - [RHV] PXE provision with Network "use template nics" fail on creating VM
• BZ - 1561222 - ping feature inconsistent with webui ping when database connectivity is lost
• BZ - 1562075 - Duplicate values are shown in dialog dropdown.
• BZ - 1562235 - Nics are Provisioned out of Order for VMware Service Provision
• BZ - 1562772 - tenant source_id compromisation after changing provider credentials
• BZ - 1562777 - Approval permissions are not followed between different groups
• BZ - 1562779 - Cannot create service template using the API
• BZ - 1562780 - [SCVMM]Extract Running Processes completed Task List does not inform about Warnings.
• BZ - 1562782 - A state machine's on_exit method runs before the main method if the main method is an embedded Ansible playbook
• BZ - 1562785 - Refresh failed after performing vm_reconfiguration_task
• BZ - 1562788 - [Regression] RHV provider discovery doesn't work
• BZ - 1562791 - Database Replication broken for current and new regions
• BZ - 1562797 - CFME - usage of non standard special characters (e.g. accents) in password causes user is not able to login
• BZ - 1562800 - Schedule Operation: Cannot create schedule, "Add" button is not active
• BZ - 1562803 - [RFE] CFME, add Ansible GIT repository custom SSH port option
• BZ - 1562811 - No Advanced Search in Volume Snapshots/Backups
• BZ - 1563268 - CloudForms appliance is ignoring azure proxy settings in advanced tab.
• BZ - 1563351 - Nuage provider is unable to refresh inventory when subnets are missing gateway address
• BZ - 1563358 - Nuage Networks provider does not handle empty AMQP details
• BZ - 1563359 - Nuage Provider doesn't capture Alarms
• BZ - 1563361 - Nuage provider's event catcher yields "Too many open files" after 9 hours
• BZ - 1563363 - VMware vCloud Provider's inventoring fails because of bug in Disk parsing
• BZ - 1563364 - Support console access for VMware vCloud Provider's VMs
• BZ - 1563492 - CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
• BZ - 1563731 - in the conditions screen you see "Container Node" on the left but "Node" on the right
• BZ - 1563740 - ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine
• BZ - 1565139 - Some expression method definitions can fail with "<Script error>" in a dialog and a stack trace in evm.log
• BZ - 1565140 - Embedded Ansible job_status .out files are not processed by logrotate
• BZ - 1565142 - Nuage Provider uses qpid_proton gem version without heartbeating
• BZ - 1565147 - Unable to create Cloud Network due to undefined method
• BZ - 1565148 - Service gets submitted even if dialog does not passes validation
• BZ - 1565151 - Regression Custom Button Dialog Not Displaying Submit or Cancel Button
• BZ - 1565156 - Unable to see realtime data from OpenShift in CloudForms UI
• BZ - 1565160 - Ansible playbook credentials always show default value in SUI
• BZ - 1565167 - openstack provisioning instance fail on checkprovisioned
• BZ - 1565232 - OpenStack with bad credentials shows timeout
• BZ - 1565677 - Container reports take too much time to generate
• BZ - 1565686 - VMware vCloud Provider credential validation fails
• BZ - 1565756 - Remove specific EVM server from zone
• BZ - 1565862 - CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates
• BZ - 1566255 - DRb 'close' error for closed connection
• BZ - 1566526 - Reporting worker exceeding threshold for default report tied to custom widget
• BZ - 1566529 - Smartstate Analysis Schedule Fails for OpenShift 3.7 Container Images
• BZ - 1566530 - Report for Storage Capacity Field Generating Error Cannot Convert Hash to Float
• BZ - 1566541 - [RFE] Target Refresh support for OpenStack Block Storage Manager
• BZ - 1566557 - [Regression] Infra provider discovery doesn't work
• BZ - 1566562 - RHSM failing to register with proxy settings
• BZ - 1566563 - Cloudforms present blank page for backup volumes
• BZ - 1566568 - Appliances Missing from Global Region are showing a Zone ID of a Local Region
• BZ - 1566572 - ERROR ASCII-8BIT to UTF-8","klass":"Encoding::UndefinedConversionError"}}
• BZ - 1566577 - [AZURE]Filter list of available Public IPs
• BZ - 1566658 - [PRD][RFE] Ansible Next Gen - Playbook Seeding
• BZ - 1567278 - xClarity: Error while execute the second refresh cycle
• BZ - 1567962 - VMware vCloud Provider's VMs cannot revert from snapshot
• BZ - 1568023 - [Embedded Ansible] Standard Output throws error if Hostname has Non-ASCII Characters
• BZ - 1568091 - Catalog Item with Tag Control element cannot be ordered
• BZ - 1568156 - Not able to import certain dialogs because of tag Id
• BZ - 1568158 - User Interface does not come up after reboot
• BZ - 1568162 - DRO Service mapping to DRO instance incorrect
• BZ - 1568467 - Cannot put special characters in proxy password in Advanced Config
• BZ - 1568473 - Saving a service dialog with a multi-select drop-down populated by expression method gives a 500 internal server error
• BZ - 1568550 - CFME: OpenSCAP evaluation report target machine does not show container image name
• BZ - 1568559 - Deployment template validation failed
• BZ - 1568602 - Git repo automate datastore refresh timing out upon credential change
• BZ - 1569099 - Orphaned and Archived VMs displayed in running vms filter
• BZ - 1569103 - Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances
• BZ - 1569113 - Apache Reloaded twice with logrotate
• BZ - 1569177 - ERROR : 404 when trying to set the retirement date of the service
• BZ - 1569236 - [UI] - ManageIQ string in PDF summary file for flavors
• BZ - 1569472 - In dynamic dropdown list, the default value contains ALL the values of the list
• BZ - 1569551 - Auto-refresh values take forever to load values in dropdown
• BZ - 1570118 - CloudForms 4.6 - filtering based on tags does not work for catalog items
• BZ - 1570821 - Unable to run ansible playbook method via Simulate
• BZ - 1570950 - Service and VM retirement are non-deterministic, running parallel
• BZ - 1570989 - Service Catalog Item Subtype not rendered in UI
• BZ - 1571310 - Unable to select storage manager from drop down list through classic UI
• BZ - 1571976 - Dynamic check box does not update in Classic UI
• BZ - 1571989 - droplist with large amount of items do not display a search field
• BZ - 1572711 - Automate Methods from Dynamic Dialog are being Run More than Designed / Expected
• BZ - 1572716 - Delay in rendering service dialog
• BZ - 1572718 - Provider Inventory worker vim.log fills up due to large log messages
• BZ - 1573215 - OpenStack Block Storage Manager Cinder does not refreshed
• BZ - 1573246 - Workload category for Tag Control element does not work
• BZ - 1573254 - auto_refresh being used instead of dialog field responders on later versions
• BZ - 1573539 - Dashboard widget is not providing exact content due to Type conversion Exception.
• BZ - 1573990 - in certain situations the refresh methods are called on every single refresh

CVEs

• CVE-2018-1101
• CVE-2018-1104
• CVE-2018-7750

References

• https://access.redhat.com/security/updates/classification/#important