Issued:: 2020-12-15
Updated:: 2020-12-15

RHSA-2020:5554 - Security Advisory

Overview
Updated Packages

Synopsis

Important: CloudForms 5.0.10 security, bug fix and enhancement update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

cfme-gemset: CloudForms: Incomplete fix for CVE-2020-10783 (CVE-2020-25716)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

Red Hat CloudForms 5.11 x86_64

Fixes

BZ - 1835226 - ansible-runner playbooks used in provisioning failing due to connectivity issues to SCM cannot recover on task retry
BZ - 1886887 - Running service lacks one of the tags assigned to it during service order
BZ - 1889302 - /etc/machine-id is a part of image
BZ - 1893014 - Issue when using ansible-runner to run a playbook with an ssh_key generated on rhel8
BZ - 1896439 - Azure VM C&U metrics capture logs shows error: undefined method `iso8601' for nil:NilClass
BZ - 1898525 - CVE-2020-25716 Cloudforms: Incomplete fix for CVE-2020-10783
BZ - 1901328 - V2V: Configuration of RHV 4.4.3 conversion host fails

CVEs

CVE-2020-25716

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat CloudForms 5.11

SRPM
cfme-5.11.10.1-1.el8cf.src.rpm	SHA-256: df9538ce731571cff14b363f926d6ff49642d3b1bd986da2a82738d1649c51d6
cfme-amazon-smartstate-5.11.10.1-1.el8cf.src.rpm	SHA-256: 6ad522d905b27de83c6967734d2c52faea1f1ed63efbe33fa26666909ad29410
cfme-appliance-5.11.10.1-1.el8cf.src.rpm	SHA-256: ac6861cf3c585ca8244a18241a854a35005743ad7fc5cf9e9b44f21176c07d9d
cfme-gemset-5.11.10.1-1.el8cf.src.rpm	SHA-256: 43f0e118b90a305724871a79852a11ce5e15594820a75ac1b22dccd48de4fb13
v2v-conversion-host-1.16.2-6.el8ev.src.rpm	SHA-256: 3c0bc7540f1d818458087b77600a220365e7c8f2c01137707bac0533402ffcea
x86_64
cfme-5.11.10.1-1.el8cf.x86_64.rpm	SHA-256: 1a2d6360a52120ad242aed437fb62ea74fb05645f70b832012dbf49fb526a343
cfme-amazon-smartstate-5.11.10.1-1.el8cf.x86_64.rpm	SHA-256: b2d8a84e809e7fb4e56bfb2d9b720be0ca58d18cdbb294fefd935b1514f79b1f
cfme-appliance-5.11.10.1-1.el8cf.x86_64.rpm	SHA-256: f51059af6adff290fb2a34c9c17c4a17f8433b78cec47cca1d3e2c0cdc97ff74
cfme-appliance-common-5.11.10.1-1.el8cf.x86_64.rpm	SHA-256: 81b39ee739c86d22fb5118629a5968664cbe344efa541ac8d89ddd72bf666c6e
cfme-appliance-tools-5.11.10.1-1.el8cf.x86_64.rpm	SHA-256: cb179cb3aeb08cb39b0be5ba9813c6c4ad0491818326705d082a3a9938a70d02
cfme-gemset-5.11.10.1-1.el8cf.x86_64.rpm	SHA-256: 952fcda8688bf055dab2d1f94e2ecc43e98b83c894381032abf948ee0b06ad7b
v2v-conversion-host-ansible-1.16.2-6.el8ev.noarch.rpm	SHA-256: 6aa37e7fcdd9403c659a0653d66580d1bba05a2cad8700d4df9f71131cff9c6b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation