
Red Hat Security Advisory 2016-1996-01

Posted Oct 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1996-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via the JSON API and the web-based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process.

tags | advisory, web, arbitrary, shell, ruby
systems | linux, redhat
advisories | CVE-2016-7040
SHA-256 | 1c2918693d8225ca8ca6a15efb410a91e7c416778e97c4c3978e4f96a4818cea


Red Hat Security Advisory

Synopsis: Important: CFME 4.1 bug fixes and enhancement update
Advisory ID: RHSA-2016:1996-01
Product: Red Hat CloudForms
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1996.html
Issue date: 2016-10-04
Cross references: RHSA-2016:1634
CVE Names: CVE-2016-7040

1. Summary:

Updated cfme packages that fix bugs and add various enhancements
are now available for Red Hat CloudForms 4.1.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.6 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control,
and automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails,
a model-view-controller (MVC) framework for web application
development. Action Pack implements the controller and the view
components.

* An input validation flaw was found in the way CloudForms regular
expressions were passed to the expression engine via the JSON API and the
web-based UI. A user with the ability to view collections and filter them
could use this flaw to execute arbitrary shell commands on the host with
the privileges of the CloudForms process. (CVE-2016-7040)

This issue was discovered by Tim Wade (Red Hat).

Additional Changes:

This update fixes bugs and adds various enhancements.
Documentation for these changes is available in the Release Notes linked
to in the References section.

All CFME users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:


5. Bugs fixed (https://bugzilla.redhat.com/):

1337552 - Common datastore across multiple vcenter causes inventory confusion for provisions
1337577 - service requests don't show dynamic drop down selections
1343517 - When using external auth and removing a user from all groups the user's groups are not updated and he is still able to log-in to CFME Web-UI
1343717 - Openstack cloud provider - when using Keystone v3 domain for registration we need to ignore the projects that the user doesn't have access to
1343719 - Provisioning from RHEVM 3.6 template loses template boot sequence
1346953 - [RFE] Unable to set number_of_vms in non-generic service catalog items
1346989 - [RFE] Keystone domains support
1346990 - VM refreshes are failing but the message status from each of the EmsRefresh.refresh commands shows 'ok' in error
1347278 - [RFE] - lifecycle button missing from cloud images
1347330 - [ja_JP] Translations are missing in 'Compute'-'Clouds' menu and its sub menus
1347692 - [ja_JP] Translation issues on cloud intelligence->chargeback->assignments page.
1348631 - CPU Right Size recommendations only take into account CPU sockets, not cores per socket
1348637 - [ja_JP] Translation issues observed on cloud intelligence->Reports->reports page.
1348644 - [ja_JP] Translation issues on Services -> Requests page
1348648 - [ja_JP] Translations are missing in Compute-Services menu
1348649 - [ALL LANG] All contents are unlocalized under Control->Log.
1349059 - [ja_JP] Translations are either misplaced or missing on Settings->Configuration->Settings
1349423 - Dynamic Dropdown list of AWS instance Type for AWS GovCloud seems to be returning instance types that are not supported by AWS GovCloud
1351332 - [RFE] [SDN] - No providers tags relations displayed in Tolopogy
1352016 - Missing policy button on some of the Network Manager Relationship pages
1353291 - String interpolations must not be present in toolbar definitions
1354503 - OSP refresh fails with Policy doesn't allow os_compute_api:os-availability-zone:detail to be performed.
1357865 - RHEV VM Reconfigure: Set memory to a size smaller than guaranteed memory fail
1358323 - In Networks menu should all names in plural
1361175 - Error when canceling orchestration stack retirement form
1361176 - [RFE] Chargeback of containers based on tags
1361178 - Cannot Cancel Smart State Analysis of Container that is not completing -
1361693 - Advanced search in workloads expression element "Registry" hides select bar for element type
1362227 - Clicking on Reset button while editing a provider throws error message in UI for firefox browser
1362627 - [RFE] Allow reporting relationship between OpenShift pods and the image they run
1362631 - Maintain uniformity in dropdown values in japanese locale
1362634 - Package/Application icon in CloudForms looks like Apple AppStore logo
1362704 - Stack : Link " ManageIQ/Providers/Cloud Manager/Orchestration Stacks" shows "Page does not exists"
1363753 - SSUI : All languages are not shown in SSUI login dropdown
1363754 - [RFE] 'LDAP Group Look Up' string needs to changed to 'External auth Group Look Up' when auth mode is set to external(httpd)
1363891 - Datastores: " ActionController::RoutingError " when clicking on reload button
1364222 - Accessing the tags method of an MiqAeServiceLan object results in a NoMethodError exception
1364501 - Customer reporting growth of sessions table to an enormous size and postgresql logs don't indicate any auto-vacuum activity is happening
1366358 - SSUI: logo not displayed on login screen
1366596 - Container SSA results are aggregated instead of updated
1366597 - unable to tag datastores via rest api or UI
1366598 - Failed container scanning job does not timeout
1366599 - Image List shows "Unknown image source" for images
1368165 - Start date for report schedule is set to tomorrow
1368167 - Service provisioning messages overlapped in self service ui
1368168 - Editing RHEVM has default API Port 5000 in UI even though no port was set when creaing
1368170 - GCE instance was retired, but was not power off
1369583 - [Configuration management Jobs] - Wrong title of downloaded files
1370196 - LDAP group lookup fails with json UTF conversion errors
1370198 - Cloud tenant and AZ from overcloud show up in undercloud relationships
1370202 - page doesn't exist after session timeout on provider timeline page
1370208 - Unable to authenticate to RHEV provider after migration from cfme- (3.2) to cfme- (4.1)
1370209 - Request to restore diagnostic functionality critical to support (ie, current appliance settings) removed in the CFME 4.1
1370211 - Azure: undefined method `downcase'
1370216 - Azure provider fails EMS refresh
1370309 - missing rights to show AWS security groups caused null
1370310 - add support for secondary fixed IP addresses for AWS ENI interfaces
1370476 - No html Id's defined for the bootstrap switches in manage quota form
1370478 - "unexpected token at ..." error when validating Tower which returns internal server error 500
1370480 - Incorrect name is used for default Azure provider during discovery
1370481 - Catalog item becomes corrupt after removing template it was using
1370488 - Changing default instance_name in custom button from "Automation" to "Request"
1370568 - METHOD:: does not accept a full path to a method
1370569 - VMware folder support showing more than just folders
1370574 - Errno::ETIMEDOUT: Connection timed out on Azure at gallery.azure.com
1370575 - Region description doesn't change
1370586 - Multi-rate chargeback report can not be queued.
1371174 - After adding generic/orchestration catalog item infinispinner and 502 error(appliance crashed)
1371267 - Unable to get to Topology link in breadcrumb trail on Network Manager entities page
1371268 - [RFE] Add Global filters for RHEV block datastores
1371269 - C&U collection tab can sometimes be blank
1371270 - Cloud network manager availability zones back button redirects me to cloud provider
1371272 - unable to use {nil => "<default>"} with self provisioning when selecting dialog_tenant_name
1371311 - [Ansible Tower] Provider cannot be removed when selected from accordion tree
1371640 - [RFE] Create AWS EC2 appliance
1371666 - [ja_JP, zh_CN] Need to translate the title and tool-tips on Control -> Log page.
1371668 - [ja_JP, zh_CN] Need to translate drop-down config. menu options on Compute -> Containers -> Providers
1371669 - [ja_JP, zh_CN] Need to translate menu options under configuration on Networks -> providers.
1371670 - [ja_JP, zh_CN] Need to translate drop-down options and some strings on Optimize -> Planning page.
1371671 - [ja_JP, zh_CN] Need to translate strings on Automate -> Requests page
1371979 - Error:undefined method `size' for nil:NilClass when clicked on cloud provider after deleting network manager
1371980 - Automation Method Error When Accessing 'host'/'hosts' From a Switch
1371981 - Type Template/VM filter under VMs is useless
1372413 - UI: Inconsistent behavior when adding duplicate provider; infra provider X configuration manager
1372775 - Refresh Configuration Management Provider does not work when selected from the explorer tree
1372801 - Add ability to swap the default threaded puma web server for thin
1374377 - [RFE] Reporting on OpenShift Custom Labels
1374420 - multiple ip address for the same network_port_id for openStack provider
1374423 - Select button options " By Infrastructure providers" and "All VMs" should be renamed
1374450 - Compliance check history isn't shown if compliance policy is unconditional
1374695 - Multi-tenancy - tenant name not renamed in Set group ownership dropdown menu
1374696 - Adding rhevm infrastrcture provider and filling in bad IP bad user/pass error
1374815 - Error on Azure Cloud Discovery: wrong number of arguments
1375205 - SSUI displays "null" for azure resource group or fails if <new resource group> is selected
1375311 - validate_request for cloud does not include support for flavors
1375326 - Providers quick search should have searched string in brackets next to the title like all other pages
1375330 - Azure provisioning missing pre and post methods.
1375343 - Upgrade azure-armrest to 0.2.9.
1376010 - Amazon Image details doesn't open
1376130 - Utilization tree remembers selected node
1376132 - :cold_sweat: Don't include AvailabilityMixin into Object, that's really bad
1376137 - Fix report scheduler timer_types
1376138 - Change column type of cpu_cores_used_cost in reports to currency
1376139 - Fixed port_scan.rb file and related changes
1376140 - Memoize image_path helper in build_tags_tree
1376141 - Add single select false to guest access pair options on EC2
1376143 - Move _('locale_name') to Vmdb::FastGettextHelper
1376144 - ChargebackContainerProject - Filter project by tag
1376146 - Discrepancy in objects count in Containers Overview following Provider overview
1376147 - Re-check Authentication button for Providers in the GTL view
1376150 - Fix the toolbar button tooltip for Providers in GTL view
1376151 - Container Chargeback report: Rate Range by Project
1376153 - Update x1.32xlarge to enhanced and clustered networking.
1376154 - Replace corrupted PNGs
1376155 - cap&u dont puke when _debug
1376157 - SSUI : language : Shopping cart validation message needs to switch language when one is selected
1376158 - Update gettext catalogs from Zanata
1376159 - Use Rails version or higher
1376160 - Relationships filter_by_resource_type scope
1376161 - Azure - Enhanced C&U support
1376162 - Azure cache
1376163 - Move join region logic into a rake task
1376164 - recent version of draper gem
1376165 - Changing default instance_name in custom button from "Automation" to "Request"
1376167 - Reworked building VMware nested datacenter folders in factory girl
1376168 - Fix Caching Issues for MiqDiskCache Module
1376169 - Show provider status color by bearer type authentication on container topology
1376170 - Multi endpoints dialog message
1376171 - Update required ovirt_metrics version
1376172 - BAT Handling in Checkpoint Disks Issues
1376173 - With the updated net-ldap 0.14.0, Net::LDAP:LdapError is no longer used.
1376174 - Make connection_configuration respect the default authentication type
1376175 - ArVirtual - Ownership uses virtual attributes / delegates
1376176 - Modify Azure Runner to use existing EMS
1376177 - Take 2: Speed up "VMs & Instances in My LDAP Group" filter in /vm_or_template/explorer
1376178 - Allow more than one iso datastore per type of EMS
1376513 - Unexpected error when clicked on service request
1376520 - service template provision tasks failing in check provision method
1376528 - [RHV 4.0] Provision VM ends up with "Validating New Vm" endless retries
1376557 - Clicking Automate triggers an error.
1376574 - Azure Enterprise Agreement subscriptions not catching events
1377416 - Unknown Error while refreshing Azure
1377420 - [ja_JP, zh_CN] User login credentials verification fail message is not localized

6. Package List:

CloudForms Management Engine 5.6:




These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from

7. References:


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.