Synopsis

Important: Red Hat CloudForms security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development.

Security Fix(es):

• python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)
  
• ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges (CVE-2018-1101)
  
• ansible-tower: Remote code execution by users with access to define variables in job templates (CVE-2018-1104)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104. The CVE-2018-1101 issue was discovered by Graham Mainwaring (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat CloudForms 4.5 x86_64

Fixes

• BZ - 1489507 - Simultaneous service catalog request do not honour quotas
• BZ - 1496902 - Can add ansible tower provider without validation
• BZ - 1500951 - Can't Save Role when Enabling All Product Features for Ansible folder of a CloudForms Role
• BZ - 1511030 - Updates to RHEV Host Causes Duplicate Names in CloudForms
• BZ - 1526156 - Can't configure Red Hat Dropbox for logs in a global region when a sub-region has one already configured
• BZ - 1531499 - Automation->Ansible is visible for multiple roles when it should not be
• BZ - 1532272 - Catalog dynamic element entry point selection is cached and does not allow selection
• BZ - 1533082 - Reset tag: Flash message duplication
• BZ - 1535369 - Cloud Subnet create form - 'Cloud Subnet details' title displayed twice, 'Placement' title (section) missing
• BZ - 1536684 - Tooltip on retire button blocks the click of options
• BZ - 1537132 - Miq Server leaks memory and we fail to detect and remediate it
• BZ - 1540579 - Deployment roles are missing on CFME 5.8.3.2 over RHOS 12
• BZ - 1541341 - Gettext strings should not contain interpolations
• BZ - 1541427 - Tag assignment: 'Reset' button doesn't work for vms, templates
• BZ - 1541700 - RHOS 12: Infra provider scale down is broken
• BZ - 1544488 - [UI][RHOS] - remove Edit and Delete actions when in the SDN list view
• BZ - 1549626 - webui updates failing when a proxy is required
• BZ - 1549723 - WebUI: Tool tip displays html code while setting the ownership for multiple vm's
• BZ - 1549833 - cpu_usagemhz_rate_average is 0 for RHV 4 VMs
• BZ - 1550116 - Subscription page fails when a remote database is down
• BZ - 1550276 - Getting Couldn't find MiqTask Errors in evm.log
• BZ - 1550715 - Stored C&U "CPU (Mhz)" values for RHV VMs are incorrect (too high) by a factor of two
• BZ - 1550729 - Replication configuration page does not open when child database is down
• BZ - 1550732 - [Ansible Embedded] - Embedded Ansible cannot be enabled on IPv6 only appliance
• BZ - 1550737 - unable to view quotas without manage quota permissoin being enabled in 5.8.2
• BZ - 1551627 - Automate code from git does not work for repositories without master
• BZ - 1551693 - internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
• BZ - 1551697 - Colons are unhandled in BaseModel key generation in AzureArmrest
• BZ - 1551699 - Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
• BZ - 1552135 - Openstack refresh fails if it finds non-public flavors
• BZ - 1552233 - [RFE] Ability to select OpenStack External external network during the instance provisioning
• BZ - 1552780 - Adding floating IP from OSP do not enforce tenancy limits
• BZ - 1552891 - Tagging: Edit tags page doesn't open for network list items navigated through parent details page
• BZ - 1552905 - The accordion folds after adding a schedule
• BZ - 1553225 - Set Ownership can not be changed back to default
• BZ - 1553249 - UI: Same icon used for multiple options on Cloud Tenants page
• BZ - 1553308 - Undefined method `vmm_version' for nil:NilClass on VM summary screen
• BZ - 1553331 - Using webmks console one cannot type correctly the password when it contains special characters
• BZ - 1553337 - Default view settings fails for service catalogs
• BZ - 1553364 - Add miqssh utilities
• BZ - 1553465 - Enhance credential missing msg/behavior for VMRC console access
• BZ - 1553473 - Region size of 10,000 Objects Supportable for VMware Provider
• BZ - 1554533 - Schedule report fails to send mail when report is not empty
• BZ - 1554543 - Long time to refresh network provider on OpenStack
• BZ - 1554900 - when deleting an archived node using configure > remove a unknown method error is raised
• BZ - 1555487 - Dynamic Dropdown Multiselect: By default selects an element
• BZ - 1556814 - symbol conversion error while detaching disks from an openstack instance
• BZ - 1557025 - [RFE] Amazon provider - Allow user to enable and disable instance_types
• BZ - 1557130 - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
• BZ - 1558032 - internal server error when accessing the "policy_events" attribute of the "vms" resource
• BZ - 1558039 - AWS flavor list is out of date
• BZ - 1558047 - OpenStack - Include Provider Error Message in MiqProvisionFailure
• BZ - 1558076 - Fix WebMKS/VNC console connectivity
• BZ - 1558595 - No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
• BZ - 1558622 - RedHat domain can be edited/deleted
• BZ - 1559551 - Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
• BZ - 1559553 - Api::ServiceCatalogsController timeout error in multi-regional environment
• BZ - 1560097 - Error occurs when trying to edit a catalog item
• BZ - 1560099 - Outgoing SMTP E-mail Server settings not saved on first attempt
• BZ - 1560693 - Stop CF pestering OpenStack for Swift status when there is no Swift.
• BZ - 1561077 - Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
• BZ - 1562773 - tenant source_id compromisation after changing provider credentials
• BZ - 1562775 - Approval permissions are not followed between different groups
• BZ - 1562798 - CFME - usage of non standard special characters (e.g. accents) in password causes user is not able to login
• BZ - 1563492 - CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
• BZ - 1563721 - Differencing Disk on Network Drive Fails Smartstate if initial disk on Local DRive.
• BZ - 1563741 - ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine
• BZ - 1564264 - Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]='
• BZ - 1564454 - [Regression] Unexpected error while opening Cloud Intel Timelines
• BZ - 1565157 - Unable to see realtime data from OpenShift in CloudForms UI
• BZ - 1565162 - Ansible playbook credentials always show default value in SUI
• BZ - 1565169 - openstack provisioning instance fail on checkprovisioned
• BZ - 1565248 - Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
• BZ - 1565342 - [Azure]Provision Multiple VMs with Public IP selection options
• BZ - 1565358 - [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
• BZ - 1565362 - SSA fails if disk has empty partitions in the beginning
• BZ - 1565364 - Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
• BZ - 1565365 - Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
• BZ - 1565366 - VMware Edit provider has Host Default VNC start and End Port options, but Add Provider does not
• BZ - 1565389 - Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
• BZ - 1565403 - Creating buttons under the Datastore objects do not appear on Datastore Details Pages
• BZ - 1565414 - Total matches of Ems Cluster roles showing wrong count
• BZ - 1565678 - Container reports take too much time to generate
• BZ - 1565724 - vm reconfigure when quota enabled gets stuck in 'pending' state
• BZ - 1565760 - Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
• BZ - 1565835 - Role inconsistency with privileges when creating reports and setting chargeback filters
• BZ - 1565862 - CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates
• BZ - 1566256 - DRb 'close' error for closed connection
• BZ - 1566528 - Reporting worker exceeding threshold for default report tied to custom widget
• BZ - 1566746 - Dropdown to delete a "not responding" server is missing
• BZ - 1567983 - Middleware Provider Timelines Typo in Policy Events->Middleware Operation Description 'Tagret'
• BZ - 1568016 - notifications do not get cleared from the notification table
• BZ - 1568042 - CloudForms: Unable to perform "Exit Maintenance Mode" task of VMware host
• BZ - 1568045 - Control->Explorer is visible for evmgroup-security role
• BZ - 1568084 - Default Container Image Rate can be deleted
• BZ - 1568159 - User Interface does not come up after reboot
• BZ - 1568168 - Moving widgets to the bottom of a column fails
• BZ - 1568576 - Deployment template validation failed
• BZ - 1568603 - Git repo automate datastore refresh timing out upon credential change
• BZ - 1569079 - Getting Forbidden exception after ordering the service by non-admin user.
• BZ - 1569100 - Orphaned and Archived VMs displayed in running vms filter
• BZ - 1569104 - Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances
• BZ - 1569118 - Apache Reloaded twice with logrotate
• BZ - 1569127 - We cannot backdate the schedule once you schedule it
• BZ - 1569171 - Help Documentation is only visible to users with super admin role
• BZ - 1569179 - ERROR : 404 when trying to set the retirement date of the service
• BZ - 1569230 - Missing Guest OS in dashboard reports in Openstack
• BZ - 1569237 - [UI] - ManageIQ string in PDF summary file for flavors
• BZ - 1569241 - Tagging: Edit tags page doesn't open for images opened from provider summary page
• BZ - 1570060 - [RFE] Metrics for memory usage of AWS instances is missing from C&U
• BZ - 1570951 - Service and VM retirement are non-deterministic, running parallel
• BZ - 1570990 - Service Catalog Item Subtype not rendered in UI
• BZ - 1571311 - Unable to select storage manager from drop down list through classic UI
• BZ - 1572621 - RHSM failing to register with proxy settings
• BZ - 1572719 - Provider Inventory worker vim.log fills up due to large log messages
• BZ - 1573540 - Dashboard widget is not providing exact content due to Type conversion Exception.
• BZ - 1574155 - Refresh Failing for VMware VIM object is too large
• BZ - 1574571 - OSPD 12 Undercloud - Infrastructure Provider refresh failed
• BZ - 1574615 - [RFE] make available tags defined on the azure side on azure objects to cloudforms for reports
• BZ - 1576101 - total costs no longer showing in any chargeback report if they are the only columns in the report
• BZ - 1578575 - RHOSP11 metric collection stuck with error: Fog::Metric::OpenStack::NotFound
• BZ - 1578853 - Compliance check is greyed out under VM summary screen when VM is selected but not when you click on the VM.
• BZ - 1578866 - Error upon successful SAML login when username contains capital letters
• BZ - 1581387 - Dynamic dropdown doesn't refresh correctly
• BZ - 1583711 - Unexpected Error when accessing SERVICE -> REQUESTS (undefined method find_tags_by_grouping)
• BZ - 1583790 - UI Worker Exceeding Memory Trying to View Hosts for VMware Provider
• BZ - 1584187 - CPU Utilization report graph shows dates on x axis in random order
• BZ - 1584688 - refresh_target_for_ems is not running in one of our environments
• BZ - 1589834 - [RFE][XS-2] Add possibility to unregister a VM in RHV provider

CVEs

• CVE-2018-1101
• CVE-2018-1104
• CVE-2018-7750

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat CloudForms 4.5

SRPM
ansible-2.4.4.0-1.el7ae.src.rpm	SHA-256: b08063b8a8b221d7fe97ad47e092aa4d4aeea485c6454c9b91e7fcffe21d78d6
cfme-5.8.4.5-1.el7cf.src.rpm	SHA-256: 41f8e9bc3c4295278dc4066a74ac677951871fc73904dbb5502e7a2841159269
cfme-appliance-5.8.4.5-1.el7cf.src.rpm	SHA-256: 5fe601dc2de7489e83b88e64515c0f5ef6f73f9a943e2365a1374d982b0c3fe2
cfme-gemset-5.8.4.5-1.el7cf.src.rpm	SHA-256: d0adc44103f9a2c7649d1b40b0d58dac4bd26a843b4b10bfa7901ef4262bcb98
python-paramiko-2.1.1-4.el7.src.rpm	SHA-256: 43ba21a7cbfc99918164c9dee8e2c2ece5915b421834a00474d2bfbeb3d748b7
rh-ruby23-rubygem-json-2.1.0-1.el7cf.src.rpm	SHA-256: 7eee6c492b240d5ab5b5d61af400a48217e7c858625361f3edef7d373e141260
x86_64
ansible-2.4.4.0-1.el7ae.noarch.rpm	SHA-256: 04b4ae3d042246fae073db5678490fdd9e88eeb0af36fe3903563bff1e0b24d6
ansible-tower-server-3.1.7-1.el7at.x86_64.rpm	SHA-256: 52aa6bd1dc89e20cf28f3ac8616a1fbb5863f90a53d5e223a0f095ca863c2a2f
ansible-tower-setup-3.1.7-1.el7at.x86_64.rpm	SHA-256: a272a928ec6f31b391f65f608b96f5926d0408e1cad8f0509965f08e9fed3ed9
cfme-5.8.4.5-1.el7cf.x86_64.rpm	SHA-256: 5e946c5b8111b1ba775843dd8f575300919e1b21e24d3bc1f459c3fe206d876e
cfme-appliance-5.8.4.5-1.el7cf.x86_64.rpm	SHA-256: b6a6c2240d628ff6bace9f03d1b151692d8caf3258789247ea468dc737efcd60
cfme-appliance-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm	SHA-256: 51b2c955a1b5ed2cc52037ddbbcfc41f2d7a9a17514f18891543eff3874b4f16
cfme-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm	SHA-256: c3adaa5089b9b8d879bed6e6d540c51b2b17b514afff3674ffcb00761362a1b3
cfme-gemset-5.8.4.5-1.el7cf.x86_64.rpm	SHA-256: 1e3e1a3105b6e7d38608029447b2889411473f7caf115156df4a19260693e41b
python-paramiko-2.1.1-4.el7.noarch.rpm	SHA-256: 461375b1b458818f5b5893aefac09fbf39cd651c081e63479915b8ffa33a72cc
python-paramiko-doc-2.1.1-4.el7.noarch.rpm	SHA-256: 4abfc94c371f6fb64761ad9616522bfbab10091dc60cc0513f2496b70a883d36
rh-ruby23-rubygem-json-2.1.0-1.el7cf.x86_64.rpm	SHA-256: 0011cff555a196aecca0563ecf27156155d8a4369f7fd155b871bee10d15ad07
rh-ruby23-rubygem-json-debuginfo-2.1.0-1.el7cf.x86_64.rpm	SHA-256: 0d0c56ec62c4c2e05114c0a2c33436a61db09514cd3d861048b6aa5e37994f43
rh-ruby23-rubygem-json-doc-2.1.0-1.el7cf.x86_64.rpm	SHA-256: be9cf669e54cf32ec4f7dc8c4a00ae34bc408027887e47109f6c04e0b2e2fb23