RHSA-2018:1972 - Security Advisory

Topic

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development.

Security Fix(es):

• python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)
• ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges (CVE-2018-1101)
• ansible-tower: Remote code execution by users with access to define variables in job templates (CVE-2018-1104)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104. The CVE-2018-1101 issue was discovered by Graham Mainwaring (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat CloudForms 4.5 x86_64

Fixes

• BZ - 1489507 - Simultaneous service catalog request do not honour quotas
• BZ - 1496902 - Can add ansible tower provider without validation
• BZ - 1500951 - Can't Save Role when Enabling All Product Features for Ansible folder of a CloudForms Role
• BZ - 1511030 - Updates to RHEV Host Causes Duplicate Names in CloudForms
• BZ - 1526156 - Can't configure Red Hat Dropbox for logs in a global region when a sub-region has one already configured
• BZ - 1531499 - Automation->Ansible is visible for multiple roles when it should not be
• BZ - 1532272 - Catalog dynamic element entry point selection is cached and does not allow selection
• BZ - 1533082 - Reset tag: Flash message duplication
• BZ - 1535369 - Cloud Subnet create form - 'Cloud Subnet details' title displayed twice, 'Placement' title (section) missing
• BZ - 1536684 - Tooltip on retire button blocks the click of options
• BZ - 1537132 - Miq Server leaks memory and we fail to detect and remediate it
• BZ - 1540579 - Deployment roles are missing on CFME 5.8.3.2 over RHOS 12
• BZ - 1541341 - Gettext strings should not contain interpolations
• BZ - 1541427 - Tag assignment: 'Reset' button doesn't work for vms, templates
• BZ - 1541700 - RHOS 12: Infra provider scale down is broken
• BZ - 1544488 - [UI][RHOS] - remove Edit and Delete actions when in the SDN list view
• BZ - 1549626 - webui updates failing when a proxy is required
• BZ - 1549723 - WebUI: Tool tip displays html code while setting the ownership for multiple vm's
• BZ - 1549833 - cpu_usagemhz_rate_average is 0 for RHV 4 VMs
• BZ - 1550116 - Subscription page fails when a remote database is down
• BZ - 1550276 - Getting Couldn't find MiqTask Errors in evm.log
• BZ - 1550715 - Stored C&U "CPU (Mhz)" values for RHV VMs are incorrect (too high) by a factor of two
• BZ - 1550729 - Replication configuration page does not open when child database is down
• BZ - 1550732 - [Ansible Embedded] - Embedded Ansible cannot be enabled on IPv6 only appliance
• BZ - 1550737 - unable to view quotas without manage quota permissoin being enabled in 5.8.2
• BZ - 1551627 - Automate code from git does not work for repositories without master
• BZ - 1551693 - internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
• BZ - 1551697 - Colons are unhandled in BaseModel key generation in AzureArmrest
• BZ - 1551699 - Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
• BZ - 1552135 - Openstack refresh fails if it finds non-public flavors
• BZ - 1552233 - [RFE] Ability to select OpenStack External external network during the instance provisioning
• BZ - 1552780 - Adding floating IP from OSP do not enforce tenancy limits
• BZ - 1552891 - Tagging: Edit tags page doesn't open for network list items navigated through parent details page
• BZ - 1552905 - The accordion folds after adding a schedule
• BZ - 1553225 - Set Ownership can not be changed back to default
• BZ - 1553249 - UI: Same icon used for multiple options on Cloud Tenants page
• BZ - 1553308 - Undefined method `vmm_version' for nil:NilClass on VM summary screen
• BZ - 1553331 - Using webmks console one cannot type correctly the password when it contains special characters
• BZ - 1553337 - Default view settings fails for service catalogs
• BZ - 1553364 - Add miqssh utilities
• BZ - 1553465 - Enhance credential missing msg/behavior for VMRC console access
• BZ - 1553473 - Region size of 10,000 Objects Supportable for VMware Provider
• BZ - 1554533 - Schedule report fails to send mail when report is not empty
• BZ - 1554543 - Long time to refresh network provider on OpenStack
• BZ - 1554900 - when deleting an archived node using configure > remove a unknown method error is raised
• BZ - 1555487 - Dynamic Dropdown Multiselect: By default selects an element
• BZ - 1556814 - symbol conversion error while detaching disks from an openstack instance
• BZ - 1557025 - [RFE] Amazon provider - Allow user to enable and disable instance_types
• BZ - 1557130 - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
• BZ - 1558032 - internal server error when accessing the "policy_events" attribute of the "vms" resource
• BZ - 1558039 - AWS flavor list is out of date
• BZ - 1558047 - OpenStack - Include Provider Error Message in MiqProvisionFailure
• BZ - 1558076 - Fix WebMKS/VNC console connectivity
• BZ - 1558595 - No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
• BZ - 1558622 - RedHat domain can be edited/deleted
• BZ - 1559551 - Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
• BZ - 1559553 - Api::ServiceCatalogsController timeout error in multi-regional environment
• BZ - 1560097 - Error occurs when trying to edit a catalog item
• BZ - 1560099 - Outgoing SMTP E-mail Server settings not saved on first attempt
• BZ - 1560693 - Stop CF pestering OpenStack for Swift status when there is no Swift.
• BZ - 1561077 - Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
• BZ - 1562773 - tenant source_id compromisation after changing provider credentials
• BZ - 1562775 - Approval permissions are not followed between different groups
• BZ - 1562798 - CFME - usage of non standard special characters (e.g. accents) in password causes user is not able to login
• BZ - 1563492 - CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
• BZ - 1563721 - Differencing Disk on Network Drive Fails Smartstate if initial disk on Local DRive.
• BZ - 1563741 - ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine
• BZ - 1564264 - Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]='
• BZ - 1564454 - [Regression] Unexpected error while opening Cloud Intel Timelines
• BZ - 1565157 - Unable to see realtime data from OpenShift in CloudForms UI
• BZ - 1565162 - Ansible playbook credentials always show default value in SUI
• BZ - 1565169 - openstack provisioning instance fail on checkprovisioned
• BZ - 1565248 - Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
• BZ - 1565342 - [Azure]Provision Multiple VMs with Public IP selection options
• BZ - 1565358 - [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
• BZ - 1565362 - SSA fails if disk has empty partitions in the beginning
• BZ - 1565364 - Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
• BZ - 1565365 - Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
• BZ - 1565366 - VMware Edit provider has Host Default VNC start and End Port options, but Add Provider does not
• BZ - 1565389 - Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
• BZ - 1565403 - Creating buttons under the Datastore objects do not appear on Datastore Details Pages
• BZ - 1565414 - Total matches of Ems Cluster roles showing wrong count
• BZ - 1565678 - Container reports take too much time to generate
• BZ - 1565724 - vm reconfigure when quota enabled gets stuck in 'pending' state
• BZ - 1565760 - Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
• BZ - 1565835 - Role inconsistency with privileges when creating reports and setting chargeback filters
• BZ - 1565862 - CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates
• BZ - 1566256 - DRb 'close' error for closed connection
• BZ - 1566528 - Reporting worker exceeding threshold for default report tied to custom widget
• BZ - 1566746 - Dropdown to delete a "not responding" server is missing
• BZ - 1567983 - Middleware Provider Timelines Typo in Policy Events->Middleware Operation Description 'Tagret'
• BZ - 1568016 - notifications do not get cleared from the notification table
• BZ - 1568042 - CloudForms: Unable to perform "Exit Maintenance Mode" task of VMware host
• BZ - 1568045 - Control->Explorer is visible for evmgroup-security role
• BZ - 1568084 - Default Container Image Rate can be deleted
• BZ - 1568159 - User Interface does not come up after reboot
• BZ - 1568168 - Moving widgets to the bottom of a column fails
• BZ - 1568576 - Deployment template validation failed
• BZ - 1568603 - Git repo automate datastore refresh timing out upon credential change
• BZ - 1569079 - Getting Forbidden exception after ordering the service by non-admin user.
• BZ - 1569100 - Orphaned and Archived VMs displayed in running vms filter
• BZ - 1569104 - Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances
• BZ - 1569118 - Apache Reloaded twice with logrotate
• BZ - 1569127 - We cannot backdate the schedule once you schedule it
• BZ - 1569171 - Help Documentation is only visible to users with super admin role
• BZ - 1569179 - ERROR : 404 when trying to set the retirement date of the service
• BZ - 1569230 - Missing Guest OS in dashboard reports in Openstack
• BZ - 1569237 - [UI] - ManageIQ string in PDF summary file for flavors
• BZ - 1569241 - Tagging: Edit tags page doesn't open for images opened from provider summary page
• BZ - 1570060 - [RFE] Metrics for memory usage of AWS instances is missing from C&U
• BZ - 1570951 - Service and VM retirement are non-deterministic, running parallel
• BZ - 1570990 - Service Catalog Item Subtype not rendered in UI
• BZ - 1571311 - Unable to select storage manager from drop down list through classic UI
• BZ - 1572621 - RHSM failing to register with proxy settings
• BZ - 1572719 - Provider Inventory worker vim.log fills up due to large log messages
• BZ - 1573540 - Dashboard widget is not providing exact content due to Type conversion Exception.
• BZ - 1574155 - Refresh Failing for VMware VIM object is too large
• BZ - 1574571 - OSPD 12 Undercloud - Infrastructure Provider refresh failed
• BZ - 1574615 - [RFE] make available tags defined on the azure side on azure objects to cloudforms for reports
• BZ - 1576101 - total costs no longer showing in any chargeback report if they are the only columns in the report
• BZ - 1578575 - RHOSP11 metric collection stuck with error: Fog::Metric::OpenStack::NotFound
• BZ - 1578853 - Compliance check is greyed out under VM summary screen when VM is selected but not when you click on the VM.
• BZ - 1578866 - Error upon successful SAML login when username contains capital letters
• BZ - 1581387 - Dynamic dropdown doesn't refresh correctly
• BZ - 1583711 - Unexpected Error when accessing SERVICE -> REQUESTS (undefined method find_tags_by_grouping)
• BZ - 1583790 - UI Worker Exceeding Memory Trying to View Hosts for VMware Provider
• BZ - 1584187 - CPU Utilization report graph shows dates on x axis in random order
• BZ - 1584688 - refresh_target_for_ems is not running in one of our environments
• BZ - 1589834 - [RFE][XS-2] Add possibility to unregister a VM in RHV provider

CVEs

• CVE-2018-1101
• CVE-2018-1104
• CVE-2018-7750

References

• https://access.redhat.com/security/updates/classification/#important