Red Hat Product Errata RHSA-2019:2466 - Security Advisory

Issued: 2019-08-13
Updated: 2019-08-13

Synopsis

Moderate: CloudForms 4.7.8 security, bug fix and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

  • cfme-gemset: Improper authorization in migration log controller allows any user to access VM migration logs (CVE-2019-10159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat CloudForms 4.7 x86_64

Fixes

  • BZ - 1703461 - Amazon EC2 missing regions in CloudForms UI
  • BZ - 1703474 - [RFE] Add m5a, r5a and t3a instance types to CFME
  • BZ - 1718080 - CVE-2019-10159 cfme: Improper authorization in migration log controller allows any user to access VM migration logs
  • BZ - 1723833 - retiring two services at the same time leads to only the vms of the first service being retired
  • BZ - 1726313 - When trying to assign a tag to a VM you are logged out of Cloudforms
  • BZ - 1727443 - Building the services tree takes too long when having 1000+ services
  • BZ - 1728270 - appliance_console: After configuring the "Logfile Configuration" and then running "Harden Appliance Using SCAP Configuration", the old filesystem is not removed from fstab
  • BZ - 1728403 - Cannot create database in appliance_console in ec2 env with newer instance types(t3,c5,c5d,m5d)
  • BZ - 1728706 - Different User is Being Shown as the Requester for a Lifecycle Provision in Automation Log
  • BZ - 1728707 - Add AWS GovCloud(Us-East) to disabled_regions by default
  • BZ - 1728708 - [RFE] Add m5ad, m5.metal, md5.metal, r5.metal, r5ad, r5d.metal and z1d.metal AWS instance types to CFME
  • BZ - 1728889 - Cannot retire service which has a VM that has been retired first
  • BZ - 1731157 - api permissions to create a picture not granted unless all permissions granted
  • BZ - 1731237 - RHV provider is recreating guest_devices on every refresh
  • BZ - 1731977 - Default service dialog values not included in EVM when 'refresh_dialog_fields' action invoked
  • BZ - 1731991 - Submit button is disabled when DatePicker and TimePicker fields set as required in dialog
  • BZ - 1731992 - Custom button: on Container Volumes with dialog not working
  • BZ - 1732117 - service template update with REST API result undefined method `key?' for nil:NilClass
  • BZ - 1732156 - RHT branding correction
  • BZ - 1733290 - [logo change request] Time for new logo in SSUI favicon
  • BZ - 1733375 - attempting to copy and save a service dialog with the same name results in dialog fields being duplicated
  • BZ - 1734122 - The ' Apply ' button doesn't work for Advance Filters in CloudForms

CVEs

  • CVE-2019-10159

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/release_notes

Note: More recent versions of these packages may be available.

Red Hat CloudForms 4.7


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
