what you don't know can hurt you

Red Hat Security Advisory 2018-0380-01

Red Hat Security Advisory 2018-0380-01
Posted Mar 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0380-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: A flaw was found in CloudForms in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP prevents exploitation of this XSS however not all browsers support CSP.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2017-15125
MD5 | c2fb88600f9209d507f9f5e45b216333

Red Hat Security Advisory 2018-0380-01

Change Mirror Download
Hash: SHA1

Red Hat Security Advisory

Synopsis: Moderate: Red Hat CloudForms security, bug fix, and enhancement update
Advisory ID: RHSA-2018:0380-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0380
Issue date: 2018-03-01
CVE Names: CVE-2017-15125

1. Summary:

An update is now available for CloudForms Management Engine 5.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.9 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

Security Fix(es):

* A flaw was found in CloudForms in the self-service UI snapshot feature
where the name field is not properly sanitized for HTML and JavaScript
input. An attacker could use this flaw to execute a stored XSS attack on an
application administrator using CloudForms. Please note that CSP (Content
Security Policy) prevents exploitation of this XSS however not all browsers
support CSP. (CVE-2017-15125)

This issue was discovered by Yadnyawalk Tale (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:


If the postgresql service is running, it will be automatically restarted
after installing this update. After installing the updated packages, the
httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1253012 - [RFE] Custom button filtering mechanism needed
1334930 - [RFE] Customer asking how to delete host instance using automate
1335989 - Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
1339612 - Vmdb Last Start Time bad date
1341502 - Can't collect logs to subfolder using anonymous ftp connection
1341867 - [RFE] SmartState Analysis for OpenStack instances booted from Cinder volume
1371222 - EC2 autorefresh works only for items associated to instance/image
1373076 - [RFE] Publish VM to a template
1375506 - [RFE] Charge volume types differently.
1379185 - [RFE] Allow to configure OpenSCAP CVE definitions URL
1389660 - [RFE] Extend custom buttons visibility criteria
1393038 - [RFE] Display System Default Timeout Value in Reports
1393655 - HTML character codes while accessing the vm/templates page under a folder which has '/' in name
1393681 - Unsupported content type 'menu' ERROR in logs when generating Menu Widget for user
1395011 - 'Monthly Host Count per Provider' report should not contain public cloud providers
1395013 - 'Monthly Host Count per Provider' report should not contain Container providers
1395356 - [RFE] Targeted Refresh for Amazon VMs in via vm_object.refresh method
1395757 - [RFE] Cloud-Init Scripts in Google's Compute Engine
1395782 - Trying to connect to VM console randomly fails on RHV environments
1396529 - [RFE] when selecting flavour in Instance Provisioning there are no information about the flavour and the name make it complex to undertand
1397247 - Getting Couldn't find MiqTask Errors in evm.log
1398535 - UI: Text or check-box is misaligned on button summary page
1400064 - [RFE] Allow configuring the OpenShift proxy per provider in the UI
1401718 - Unfriendly error message when volumes quota exceeded
1402855 - [Azure] [SDN] - Network port names have long names
1402953 - [RFE] Call automate event 'request_created' for OpenStack instance 'Reconfigure this instance'
1403184 - "uninitialized constant MiqException::MiqVolumeBackupCreateError" when creating backup for cloud volume
1403784 - [RFE] Separate Volumes list and Volume Backup list
1404346 - [Scale] Full refresh taking a lot of time for RHV provider
1404357 - Targeted refresh enhacements for VM import\rename\migration events.
1405369 - Satellite 6 provider can be added without https prefix but reprovisioning fails with 301 Permanently Moved without it
1408274 - [scale] - reduce the amount of API objects to single object.
1410183 - [RFE] Add Serial Number information in reports for RHV host hardware report
1411300 - [RFE] OVN switch visualization and control within ManageIQ
1411515 - [RFE] Ability to control which custom buttons / button groups get displayed on Instances/VMs
1415764 - [RFE] Cloud Network summary should display ems_ref
1416510 - [RFE] Report on Container Project Quota
1416903 - power operations using REST API on parent service has no effect
1417021 - [RFE] Cannot use AWS CloudFormation YAML Template
1417313 - Schema missing warnings in logs
1417320 - invalid href in response from custom attributes edit action
1418338 - inconsistency in actions available for resource when accessed through different collections
1419872 - Creating second snapshot for suspended VM throws error in evm.log
1420872 - entities under /api/notifications collection are missing "delete" action with "DELETE" method
1421878 - API request is not returning expected result for LDAP user
1422206 - [RFE] Hiding /masking environment variables in container explorer
1422422 - [RFE] Allow for retirement based on date and time or delay
1422580 - [RFE] Retirement should support date and time selection
1422596 - entities under provider custom_attributes don't have "delete" action with "DELETE" method listed
1422671 - Seeding timeout when creating region in external database
1424794 - [RFE] add help Icon to Service Dialog Element to show description information
1424797 - [RFE] Help Menu are not customisable
1424804 - [RFE] In Service Dialog, Element Validation should run just after user enter Input and not when clicking submit button
1424808 - [RFE] In Service Dialog, Elements should remain Red until validation is met and then turn green
1424842 - Setting report menus via the API breaks report menus
1425153 - [RFE] - refuse to create the database on the same drive as the OS is installed onto
1427484 - Add 'X' option to enable closing the Notification window by it.
1427488 - On add new Provider/Host, the "Confirm Password" field is not actually required.
1428284 - [RFE] VMware VM Add Disk be able to specify controller type
1428438 - Removing Instances from the last page causes UI glitches
1428942 - [RFE] New Help Screen cannot be hidden/unhidden
1429014 - [RFE] Rename confusing button option
1429382 - remove Amazon provider discovery as an option
1430701 - Failure to fetch v2_key prevents relaunching appliance_console
1431370 - [RFE] Ability to select OpenStack External external network during the instance provisioning
1431815 - appliance_console_cli allows configuration that is not supported
1432578 - status 500 internal server error when invalid security group in provision request
1435773 - entities under /api/policies collection are missing "delete" action with "DELETE" method
1436846 - Unable to apply tag to Ansible Tower Providers
1437138 - containers: cannot edit a containers provider without hawkular
1437201 - attributes selection in query ignored for some collections
1437549 - containers: objects from previous providers remain in setup after provider delete
1437587 - False negative: Unable to reconfigure Instance "xxx": When resizing, instances must change flavor!
1439345 - appliance_console will not open if no network attached
1439882 - When attempting to configure internal database after running 'Configure Database Replication' error message says to chose none existent option
1440436 - Tag information not displayed on Switch summary page
1441144 - UI: "Refresh Relationships and Power states" on RHOS provider throws error in evm.log
1441319 - [SCVMM] Error during provision to CSVFS storage
1441637 - Tag Visibility | All cloud key pairs is visible for restricted user
1441721 - ERROR in the log when authentication session expires while catching RHV events
1442087 - REST API for service_requests/:id/tasks returning Tasks not seemingly associated with the defined service_task
1442765 - UI: Unable to create cloud volume
1442791 - get_user_object does not exist error durring authentication process for setup that does not pull groups from ldap
1443190 - Support operation `create` on CloudObjectStoreContainer
1443740 - Simplify Container and Container Definition Models
1445702 - Unable to generate report for middleware servers
1445735 - Add provider: No validation for non 'default' tab on init
1446585 - CFME servers not deleting from Web UI
1446801 - Set ownership on templates show error in logs
1447064 - Auth - External Auth - FreeIPA - User can still log in if their group is removed from LDAP server and they've logged in before
1447639 - Bad wording in error message when connections prevent db restore
1448139 - cfme-appliance requires telnet/vim
1448323 - [RFE] Add detailed error reporting when SmartState Analysis is failing
1448601 - Ansible - Repo - Property Page - No Page Refresh button
1448811 - Container FailedSync events no longer supported but still present in UI
1448827 - Unable to create incremental backup of cloud volume for attached volume
1448971 - Service Dialog Check Box Required Field Cannot be Unchecked if previously set
1450185 - Removed Job screens shown as available Features on role configuration screen
1450249 - [RFE] Out of the box OpenSCAP Images Report
1450839 - Restricted user can see vm/instance from different groups which have tags from users group
1451052 - [RFE] Self_Service UI does not utilize custom image in top right corner
1451132 - Missing % sign on CPU Utilization page for cloud instances and Availability zones
1451163 - Appliance console label capitalization corrections - NFS and SMB
1451266 - Rbac | Tag: Inconsistency in group/tag restriction for 'group or user owned' roles
1451577 - [RFE] Targeted refresh for Templates events
1452391 - [RFE] Last Refresh Include Time Stamp
1452799 - [RFE] Create Chargeback report based on Pods limits allocation of CPU and Memory
1455955 - web service and UI worker enabled, connection made to RHV-M API
1456406 - credential validation request performed by default zone rather than selected zone.
1458427 - [RFE] Display the MAC address of the machine in the VM/instance page summary
1458713 - [RFE][RHV] Host refresh enhancement
1459189 - [RFE] Allow to specify per Provider the location of OpenSCAP CVEs and Image-Inspector image
1459496 - labels next to checkboxes on Control Policies->Event Assignment page aren't clickable
1459555 - [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers
1461560 - Provisioning to RHV 4.1 Max Memory Size Needs to be Adjusted as Necesary
1461618 - [RFE] Dashboard at Project Level
1461872 - [RFE] CloudForms can receive Alert from Prometheus in OpenShift
1461939 - Unable to retrieve list of services
1461943 - [RFE] Alerts generated by Prometheus should be visible in an Alert UI in CloudForms
1461944 - [RFE] In Alert Management UI, it is possible to assign Alert to someone and Add Note
1461970 - [RFE] When adding OpenShift Provider, allow detection of Metrics endpoints
1462032 - appliance_console asks for database password twice when connecting to remote database
1462835 - [RFE][TD] Provide per-provider instance advanced settings
1464529 - the name of amazon providers aren't synced with the name of their network manager
1464924 - [RFE] Expose the provider disable option in the UI
1465395 - Frequent restarts for CinderManager::EventCatcher worker when doing refreshes with OpenStack Provider
1466172 - [RFE] add graph refresh support for RHV full refresh
1466340 - [RFE] Dialog System needs to be cleaned up and moved to ui-components
1466397 - Error message leaking JSON header while adding key pairs
1466417 - Can't Provision Vm via V3 (using ovirt gem)
1466514 - Auth - MIQLDAP External Auth - SSUI web interface hangs when switching to group that doesn't have SSUI permissions
1467692 - credentials not required when adding provider using the REST API
1468634 - Incorrect Max CPU and Memory usage values displayed
1469364 - [VM Provision] - Destination 'Cluster' should be required in order to submit VM provision
1470260 - Asc sort order for filtered tags returns error
1470357 - RFE : Add ManageIQ.qe.anythingInFlight() method to SUI javascript
1470491 - Service provision on Azure fails when managed image is used.
1470868 - [RFE] Timestamp shown for "Retiring soon" filter should be simplified
1471083 - Sorting is not working under Saved Reports Tab
1471146 - Unexpected error encountered while provider editing
1473379 - Storage profiles causing refresh to exceed 30+ minutes
1474094 - [RFE] Image list view should have also: number of containers and Last Image Scan date
1476666 - Error message shows Header info
1476705 - [RFE] Provisioned VM via cinder volume
1478802 - 'ManageIQ' showed in CFME Cloud Tenant Report
1479667 - Azure Cloud Network cfmeautopay shows higher instances number
1479859 - yum update from cloudforms 4.5.0 to 4.5.1 creates v2_key
1480281 - [RFE] href not returned when ordering service from the service_templates subcollection
1480814 - Rendering issues for graph in 'Optimize > Planning'
1481547 - [RFE] Missing the ability to set custom attributes on services via api
1483636 - [RFE] - VMware MANUAL Placement to Support ONLY Clusters
1483973 - Services order request failure is not reflected in the Self Service UI
1484024 - - [RFE] - VMware MANUAL Placement to Support ONLY Folders
1484770 - [RFE] Containers Providers should have a quadicon similar to cloud and infra providers
1485310 - href_slug attribute pointing to wrong collection
1485424 - Invalid "href" value in "versions" when API version is specified
1486041 - Unable to login to new user account when it contains one or more uppercase character(s)
1486224 - SUI fails to change group
1486264 - Openstack: undefined method `tenant_mapping_enabled=' for nil:NilClass
1486656 - "Error:no implicit conversion of nil into Array" on GCE provider refresh
1486797 - [RFE] Graph Refresh supported for OpenStack
1487089 - [RFE] OpenStack Provisioning support create Volume from Image and Image Snapshot
1487098 - [RFE] Support Security Group CRUD in OpenStack
1487103 - [RFE] Add/Remove Security Group to OpenStack Instance
1487112 - [RFE] Flavor CRUD for OpenStack
1487124 - [RFE] Multi-select Instance support in Openstack for Evacuation and Migration
1487135 - [RFE] User and OpenStack Tenant relationship maintained with EMS Refresh
1487212 - [RFE] OpenStack Task should use Notification
1487222 - [RFE] Support OSP12 Undercloud
1487433 - Storage Chargeback rates have 'Storag' instead of 'Storage' in Description
1487749 - MiqEvent or EVM Event always has current VM owner as user, not UI user of event initiator
1488004 - [RFE] Searching technique for the "values" drop down box
1488072 - [RFE] Reconnect container images when seen again
1488135 - [RFE] [AWS][SDN] - No Network routers loaded from provider
1488395 - Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]='
1489556 - v2_key has world readable (others) permissions of 0644
1489664 - [RFE] Create OpenStack flavor
1489908 - format conversion issues wiht openstack HOT heat templates for lists and hashes
1490091 - use RHV v4 api by default
1490103 - Unable to perform vm operation via button on self-service portal
1490639 - Automate Script Fails in Service UI with VM Record Not Found
1492268 - [PRD][RFE]Ansible Modules - Service Linking
1492269 - [PRD][RFE]Playbooks StateMachine Method Type
1492273 - [PRD][RFE]Ansible Custom Button - overlay with simpler UI Req
1492275 - [PRD][RFE]Dynamic Fields from VMDB
1492888 - Update the Insights UI to bring in new elements
1493785 - cannot create Service Orders with multiple service requests
1493996 - [RFE ] OpenStack: Handle dialog fields when provisioning using Heat Orchestration.
1494212 - [RFE] Description field in Dynamic Dialog Element cannot be updated from Automate Method
1494340 - Unexpected error while editing policy of Cloud Subnets
1494344 - Unexpected error encountering in Cloud Object Store Containers of cloud tenant
1494442 - symbol conversion error while detaching disks from an openstack instance
1495192 - [PRD][RFE] Backup & Restore
1496052 - [ALL_LANG] Compute - Containers - Topology page has untranslated warning message
1496233 - [RFE] Disable toast notifications by role in SUI
1496246 - Image URL is incorrect for Embedded Ansible Worker
1496407 - [ALL_LANG] Automation - Ansible : Configuration menu items not localized
1496749 - Custom Button set on Providers does not show up in OpenShift Providers.
1496848 - Access to RHV using the oVirt SDK may crash the events worker
1496979 - Check for UPN userid when "Get User Groups from External Authentication (httpd)" is not checkd
1497107 - [ALL_LANG] Storage - Block Storage - Volumes : Configuration menu item is untranslated
1497159 - [ALL_LANG] Storage - Object Storage - Object store containers : untranslated Configuration menu items
1497663 - [RFE] Allow grouping by Docker Label in Reporting
1497686 - [PRD] [RFE] Generic Object Support - Full CRUD
1497689 - [PRD] [RFE] Generic Object Support - REST API Support
1497692 - [PRD] [RFE] Generic Object Support - UI support tagging
1497703 - [PRD] [RFE] Generic Object Support - View Generic Objects on Ops UI service details
1497705 - [RFE] Generic Object Support - View Generic Objects on Service UI service details
1497728 - [RFE] Add new Service UI specific RBAC controls
1497732 - [RFE] Add RBAC to "App Launcher"
1497733 - [RFE] Rework Resource Details Level page per the new UX design
1497783 - [PRD] [RFE] Generic Object Support - Expose custom buttons backend
1497784 - [PRD] [RFE] Generic Object Support - Expose custom buttons via REST API
1497791 - [PRD] [RFE] Generic Object Support - Backend changes, service, report exclusion
1497947 - [RFE] Metrics: Number of hours should be available in Reporting including Chargeback
1500073 - RFE REST API - List all Container Nodes of all Container Providers
1500199 - Custom button with dialog in Cloud Tenant crashes
1500603 - [RFE] As an admin, I want to add user in multiple Groups without using external authentication
1500922 - [RFE][PRD] Support OpenShift Template in Catalog of Services
1500925 - [RFE][PRD] Allow closing Notification by just clicking on a aclose icon (x)a
1500929 - [RFE] New Service Dialog Editor re-design with Drag & Drop
1500956 - [RFE][PRD] Explore Allow Copy of highlighted text in Automate Without going into edit mode
1501260 - ipv6 DNS not accepted when setting static ipv4 address
1501333 - RBAC: Tag expression | Get Error filtering vm/instances
1502290 - [RFE] [PRD] Convert existing PF based and main dashboard widgets to Angular/API
1502299 - [RFE][PRD] Add severity setting to Alert editor
1502301 - [RFE] As an Admin, I want to be able to disable "Help Menu" in Self Service UI
1502304 - [RFE] Show buttons only if certain condition exists (Button Filtering)
1502307 - [RFE][PRD] Allow modifying dialog inputs when existing Order/Request is duplicated
1502310 - [RFE][PRD] Enable the submit button only when all validations in the dialog are ok
1502314 - [RFE][PRD] Show field that does not match expected pattern in red while typing
1502315 - [RFE][PRD] Add help button for every element with mouse hover support
1502316 - [RFE][PRD] Add the ability to search in drop down list in Service Dialog
1502318 - [RFE][PRD] Show all my snapshots in timeline view on the Snapshot Level Page
1502319 - [RFE][PRD] Add the ability to take a snapshot from Service Level and Resource Details Level
1502683 - Optimize API calls on My Services and VM details page
1502963 - RHV41 Provider Discovery failure
1503237 - labels next to new radio buttons cannot be clicked
1505110 - [RFE] New Type Report Based Metering
1506069 - [RFE] [PRD] Convert existing Provider PF based and main dashboard to Angular/API
1506463 - Graph refresh fails when targeting a vm.
1506816 - [RFE] Add Metering Used Hours to chargeback report for containers
1507414 - [RFE] support async requests for full refresh
1507574 - Azure instance retirement is broken
1507634 - [RFE] Orchestration Template refactoring and enhancement
1510066 - appliance_console loses currently configured secondary DNS when configuring network
1510134 - No flash message after a chargeback rate is updated
1511078 - Flash message should be shown instead of error dialogue box
1511105 - inconsistent response when deleting nonexistent authentication using API
1511151 - [RFE] VM Networks incorrectly discovered in SCVMM provider
1511521 - Title contains compressed string on Container Image Control Policy page
1511524 - Moving widgets to the bottom of a column fails
1511978 - Used disk space is 0% when value is not available from the Provider
1513482 - [RFE] Collect Persistent Volume Claim's requests and limits
1513489 - Auth SSUI - Self-service UI doesn't time out when session timeout is reached
1513625 - Setting custom ip while adding Floating IP has no effect
1514006 - [RFE] add an "admin portal" button for RHV provider 4.1.8 and above
1514116 - Maintenance tag should be shown in Host table during provision
1514141 - [PRD] [RFE] Generic Object Support - Expos custom buttons - Ops UI
1514154 - [PRD] [RFE] Generic Object Support - Assign custom buttons
1514525 - We cannot backdate the schedule once you schedule it
1515438 - [RFE] Support standard structured image scan annotation
1515486 - Cloudforms: Openstack tenant quota information is unknown for many fields in cloudforms
1517396 - CVE-2017-15125 cloudforms: XSS in self-service UI snapshot feature
1517817 - Embedded Ansible role claims to be activated but ERROR in evm.log
1517947 - pods status is shown as "phase" in the cfme properties table
1517954 - Unable to use the same tenant name across multiple regions.
1517959 - NTP config file doesn't change after clearing the NTP servers settings
1518775 - SmartStateAnalysis on template throws "Error: [undefined method `each' for #<DMiqVim:0x0000000c0c7090>]" in evm.log
1518872 - Configuration management provider without validation
1519473 - VMs on SCVMM report cores per socket and number of sockets incorrectly
1519984 - In CF 4.5 , custom report is not able to be shown in "Available Reports" option in "Edit Report Menus"
1520488 - [RFE] Implement Inventory Graph Refresh for OpenShift to improve collection performance
1520491 - [RFE][TD] Create and use Prometheus Alert Buffer Ruby client
1520500 - [OSP] - Unable to remove cloud tenant (keystone V3)
1520552 - [RFE][PRD] As an Admin, I want to set custom buttons at any Object levels in providers for single and list view
1520617 - fog auth errors when openstack project is disabled in provider side
1522846 - Service names starting with 'VM-' can cause report generation failures with "`load_missing_constant': Unable to autoload constant VM"
1524611 - Please expose generic objects to the services service model
1524626 - Fix precision and reliability of metrics collection for OpenShift
1526047 - Access control roles not modifying correctly.
1526085 - Services->My Services page has missing translations for some entries
1526089 - [ALL_LANG] Compute - Clouds - Providers - Provider page has untranslated entries
1526090 - [ALL_LANG] Storage - Block Storage - Managers page has untranslated entries
1526118 - Stored C&U "CPU (Mhz)" values for RHV VMs are incorrect (too high) by a factor of two
1526582 - Tag names on Topology page contain full path
1526586 - [RFE] Remove Alerts Severity when creating Alerts
1527108 - [RFE] Embedded Ansible Playbooks Unable to be Tagged
1527576 - [RFE] As an admin & User, I want to search across all services in My Services with basic and Advanced search
1527578 - Tooltip on retire button blocks the click of options
1527625 - Problem enabling SSL connections to CF database node
1527663 - cpu_usagemhz_rate_average is 0 for RHV 4 VMs
1527665 - Cannot install CloudForms in a 3TB disk
1530645 - openshift provider add/edit error should show or log full provider response
1530674 - Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
1530713 - vim_performance_tag_values table growing too much
1530734 - [RFE] CloudForms can collect Metrics from Prometheus in OpenShift
1530736 - [RFE][TD] Create and use Prometheus Metrics Ruby client
1530739 - An IPv6 address for a RHV VM's NIC is incorrectly stored as an ipaddress attribute rather than ipv6address attribute
1530794 - Edit Tag Page : Check box is present near quadicon
1530820 - Name has Already been taken error when editing zone in Global Region
1531303 - ae_max_retries does not show the correct value after one retry if called through multiple relations each limited by different max retries counts
1531304 - [RFE] Reconfigure for Cloud Vm should get auto-approved.
1531312 - Policy button missing on switch detail page
1531602 - CloudForms: Unable to perform "Exit Maintenance Mode" task of VMware host
1531605 - [ALL_LANG] Storage - Block Storage : Snapshots and Backups pages have untranslated entries
1532354 - Tag | 'Reset' button doesn't work for tag page opened from service item detail page
1532355 - Tag | Service Item: Part of tag edit page is missing after click on 'Reset' button
1532646 - VPC tags are not honored in Infra provisioning and Service Catalog Item creation
1533219 - Control->Explorer is visible for evmgroup-security role
1533499 - [RHEV provider][vm provision] Specifying vnic profile on virtual nic instead of network.
1534753 - SSA: Datastores: Get SmartState Analysis for 1 storages complete (1 in Error) for some datastores types
1535059 - when I turn ON notifier, spamming my inbox with email notifications for past notifications
1535062 - While adding subnet through normal user admin tenant is visible
1536046 - Service Catalog Item custom images does not replicate to global region
1536101 - Container Nodes should be archived instead of being deleted
1537131 - Miq Server leaks memory and we fail to detect and remediate it
1537135 - [RFE] Container Roles must contain New Monitoring features
1537303 - [RFE] Update vSphere OVA settings (SCSI controller, NIC adaptor and hardware version)
1537790 - Event AWS_API_CALL_TerminateInstances on EC2 in wrong timeline category
1539074 - [RFE][RADAR] New Metering Calculation for Middleware Products running on OpenShift
1539124 - Unexpected behavior when importing datastore with 2 domains from Git
1541175 - Tag assignment: 'Reset' button doesn't work for vms, templates

6. Package List:

CloudForms Management Engine 5.9:




These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from

7. References:


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
Version: GnuPG v1


RHSA-announce mailing list


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By