Red Hat Product Errata RHSA-2019:1429 - Security Advisory

Issued: 2019-06-11
Updated: 2019-06-11

Synopsis

Important: CloudForms 4.7.5 security, bug fix and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

  • rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)
  • rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320)
  • rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)
  • rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)
  • rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)
  • rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat CloudForms 4.7 x86_64

Fixes

  • BZ - 1669023 - Network->Providers fails to refresh RHV Provider Network Manager with error Network->Providers fails to refresh RHV Provider Network Manager with error
  • BZ - 1692512 - CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar
  • BZ - 1692514 - CVE-2019-8321 rubygems: Escape sequence injection vulnerability in verbose
  • BZ - 1692516 - CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
  • BZ - 1692519 - CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
  • BZ - 1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution
  • BZ - 1692522 - CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
  • BZ - 1703104 - [v2v] [RFE] Enable the Conversion Hosts settings page and wizard in the UI
  • BZ - 1710497 - Issues found when modifying roles assigned to buttons
  • BZ - 1710578 - Dynamic Field becomes blank on clicking on Refresh button in Service dialog
  • BZ - 1710606 - evm.object['value '] can not be used in other field
  • BZ - 1710608 - refresh methods are unable to populate textarea fields with yaml content
  • BZ - 1710610 - Dialog passing nil value even though value is set
  • BZ - 1710998 - Assigned filters don't work if datastore is deleted which has the filter assigned and it shows every cluster regardless of the assignment
  • BZ - 1711031 - [v2v] [RFE] Add ability to download Conversion Host enablement playbook log from UI
  • BZ - 1711032 - [RFE] Filter out ISO and Export storage domains for RHV Infra Mapping wiizard
  • BZ - 1711033 - [v2v] [RFE] Add info popover to VDDK Library Path field in Configure Conversion Host wizard
  • BZ - 1711034 - [v2v][RFE] Completed Migration plans cannot be ordered by execution order
  • BZ - 1711035 - Extra variables are not passed properly to ansible when configuring conversion host
  • BZ - 1711036 - [V2V][OSP] End to end migration not able to proceed with false "no conversion host was configured" error
  • BZ - 1711283 - infinispinner on selecting/deselecting search filter in vms/instances view
  • BZ - 1711285 - [V2V][OSP] Can not detect if conversion instance is enabled/added on OSP project in infra map
  • BZ - 1711957 - [RHV 4.3] IP Address Not Always Being Displayed in CFME
  • BZ - 1711981 - Unable to view service tree hierarchy
  • BZ - 1712135 - [V2V][RHV][VDDK][SSH] Migration failing with 'rescue in run_conversion' error in automation
  • BZ - 1712440 - Cannot create a group after validation message 'Description is not unique'
  • BZ - 1712595 - VM Provisioning Timeout - EMS needs manual refresh to see 'new' VMs
  • BZ - 1713477 - service bundle retirement requests that hit an error cannot be attempted again due to way the state is handled
  • BZ - 1713731 - [V2v][UI] 'Configure' button of authenticate modal from conversion host UI need to be responsive on 'verify TLS' bootstrap switch
  • BZ - 1713732 - [V2V][UI] Wrap migration details page's popover appropriately on errors
  • BZ - 1717500 - After upgrade the dynamically popullated "text area" fields pass null to ansible tower templates.
  • BZ - 1717501 - Values from a dialog element populated from a dynamic method are not always passed to service or button method.

CVEs

  • CVE-2019-8320
  • CVE-2019-8321
  • CVE-2019-8322
  • CVE-2019-8323
  • CVE-2019-8324
  • CVE-2019-8325

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/release_notes

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat CloudForms 4.7

SRPM
cfme-5.10.5.1-1.el7cf.src.rpm SHA-256: 5188591b44d5e33bd8a030116be45f7aaffb23adc8a6966752591cf95ce6e1f8
cfme-amazon-smartstate-5.10.5.1-1.el7cf.src.rpm SHA-256: 7fdcf29251351ad143e1cd36faff53f7b8c569904db8de1081d94778c38abe6c
cfme-appliance-5.10.5.1-1.el7cf.src.rpm SHA-256: 78f576ff8decb260a9f2b97145dfefab8a2f8dc058be8139653852465425ee95
cfme-gemset-5.10.5.1-1.el7cf.src.rpm SHA-256: 803d46aa2a89e1495b9ea5a0ea973dd8e8a4943e8a544debd6130dfc71cd7e34
ruby-2.4.6-91.el7cf.src.rpm SHA-256: 13ed2cdacdaa8e3205107593719ae06ac758dcd21d5ae0dfbc6c3475a1b921a4
x86_64
cfme-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: b019c8143bb4a351d471a2280a8733090efedf0337c0f35dd5debc1eddf8f4bb
cfme-amazon-smartstate-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: 8bd88f3e61c2989874bb027c628f02b16d1a959195712836b51d7488e42351d2
cfme-appliance-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: 53b3c0264a3b1243c1121312f514969c98af1dfe571913eeef3acd7ef10d21f9
cfme-appliance-common-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: 4cda145baee71dd8770506fc2b3f9c638ea3c7cb5f5079b6c6a13d99e951c342
cfme-appliance-debuginfo-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: 69a0847f666bc74603c9cd2efd03dca8e43158976f87416136c9d6be65f3d0e8
cfme-appliance-tools-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: c51a552d68accf97114c044834573eacf86933baadfe7d9c876578b423553a50
cfme-debuginfo-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: 4db4d0f3636cabb08eca3fda95519374f352a1056888a2d3fb5fcf70632a7d0f
cfme-gemset-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: febe8e07b2f8f98adf23e8f5c7121fa481858bef5a8c32245c66fff4673df96b
cfme-gemset-debuginfo-5.10.5.1-1.el7cf.x86_64.rpm SHA-256: aca41b4563e0b8a50672c1639e06e32cac120400a5a8c104b71a429fc84d1766
ruby-2.4.6-91.el7cf.x86_64.rpm SHA-256: 0a899afe4104d2560d90a760515846e21e204aafe494e4dac2387dcc9f5fa3dd
ruby-debuginfo-2.4.6-91.el7cf.x86_64.rpm SHA-256: 26323b71fc00bda89367716eb61874b5be8c2b36c74443e88fb62d14a58f1d66
ruby-devel-2.4.6-91.el7cf.x86_64.rpm SHA-256: 6cf3b4a839a9a467bb588db934f8876deab5c166f33f23566cf5bebe4035c8f9
ruby-doc-2.4.6-91.el7cf.noarch.rpm SHA-256: fb2529baab060fcde3abc26d6140085dc078d5f73251013068a89e762e4149ed
ruby-irb-2.4.6-91.el7cf.noarch.rpm SHA-256: 594a264792e0ed5bb8685b20696ca1e9b1fa032e22df5a710013303a5452da92
ruby-libs-2.4.6-91.el7cf.x86_64.rpm SHA-256: 5d3ef628d87da1f72a58e9639a8415b7d28866e328e8f8b71e3f2a50fb5d9083
rubygem-bigdecimal-1.3.2-91.el7cf.x86_64.rpm SHA-256: 84a7e03d191e03d34c9bd841daaaa76686903f2aaf3c7c7fae086d6155470514
rubygem-did_you_mean-1.1.0-91.el7cf.x86_64.rpm SHA-256: fa3c40264e55f6c174ad364ea02aff5ac4350660debf5e006a3e64c1563718de
rubygem-io-console-0.4.6-91.el7cf.x86_64.rpm SHA-256: 16047944d5e4f4e0a8f565f5542210c1734e30b7df26c1278315467f19962d57
rubygem-minitest-5.10.1-91.el7cf.noarch.rpm SHA-256: a9f66dce8fe9c1e9da4c673507ca42905b81b5f67d2be827f2b5851e8db9bd9f
rubygem-net-telnet-0.1.1-91.el7cf.x86_64.rpm SHA-256: d0f824d9ec9f2c43266c68a3fa5aaa5c43366c66ca3e58c37dd750f769df183f
rubygem-openssl-2.0.9-91.el7cf.x86_64.rpm SHA-256: 342174f67ce18edd6052fc9966d296f4ea06d758b4d15b414f925888b0862355
rubygem-power_assert-0.4.1-91.el7cf.noarch.rpm SHA-256: f8fafeca937c543b7bb3a010dcdeecb8d72aa324fcc0d45821181faf5b76fcfd
rubygem-psych-2.2.2-91.el7cf.x86_64.rpm SHA-256: 137feb304db52a53f1378464a5c6e937a70f63e230c1eee31ef3d01183a05abd
rubygem-rake-12.0.0-91.el7cf.noarch.rpm SHA-256: fcf7ca0c2103f913a82f8a6861719a3683f81c40987058d1ca6e7e550a577758
rubygem-rdoc-5.0.0-91.el7cf.noarch.rpm SHA-256: 8f2122206ea447391084b8058e7c968633b13cae67ac832c2e758dab414438d8
rubygem-test-unit-3.2.3-91.el7cf.noarch.rpm SHA-256: 0f5a468551b035968891b90911354f36269bfacc9c7f3d5a77ec0645da2f50c6
rubygem-xmlrpc-0.2.1-91.el7cf.noarch.rpm SHA-256: e21371af610c29523ca710ee89b87278fcd1fc332944669057489b08c9d18c91
rubygems-2.6.14.4-91.el7cf.noarch.rpm SHA-256: 59acb65ed730aeeecc2680c13fd0fbeb298e7ece41c9f6af171904f985f6d22c
rubygems-devel-2.6.14.4-91.el7cf.noarch.rpm SHA-256: ca7187f60c336c4c20da8e48e5ae4a3dc388f12a58a836adee63b39693890312

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
