-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat CloudForms security, bug fix, and enhancement update Advisory ID: RHSA-2018:0380-01 Product: Red Hat CloudForms Advisory URL: https://access.redhat.com/errata/RHSA-2018:0380 Issue date: 2018-03-01 CVE Names: CVE-2017-15125 ===================================================================== 1. Summary: An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: CloudForms Management Engine 5.9 - noarch, x86_64 3. Description: Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Security Fix(es): * A flaw was found in CloudForms in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP. (CVE-2017-15125) This issue was discovered by Yadnyawalk Tale (Red Hat). Additional Changes: This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1253012 - [RFE] Custom button filtering mechanism needed 1334930 - [RFE] Customer asking how to delete host instance using automate 1335989 - Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash 1339612 - Vmdb Last Start Time bad date 1341502 - Can't collect logs to subfolder using anonymous ftp connection 1341867 - [RFE] SmartState Analysis for OpenStack instances booted from Cinder volume 1371222 - EC2 autorefresh works only for items associated to instance/image 1373076 - [RFE] Publish VM to a template 1375506 - [RFE] Charge volume types differently. 1379185 - [RFE] Allow to configure OpenSCAP CVE definitions URL 1389660 - [RFE] Extend custom buttons visibility criteria 1393038 - [RFE] Display System Default Timeout Value in Reports 1393655 - HTML character codes while accessing the vm/templates page under a folder which has '/' in name 1393681 - Unsupported content type 'menu' ERROR in logs when generating Menu Widget for user 1395011 - 'Monthly Host Count per Provider' report should not contain public cloud providers 1395013 - 'Monthly Host Count per Provider' report should not contain Container providers 1395356 - [RFE] Targeted Refresh for Amazon VMs in via vm_object.refresh method 1395757 - [RFE] Cloud-Init Scripts in Google's Compute Engine 1395782 - Trying to connect to VM console randomly fails on RHV environments 1396529 - [RFE] when selecting flavour in Instance Provisioning there are no information about the flavour and the name make it complex to undertand 1397247 - Getting Couldn't find MiqTask Errors in evm.log 1398535 - UI: Text or check-box is misaligned on button summary page 1400064 - [RFE] Allow configuring the OpenShift proxy per provider in the UI 1401718 - Unfriendly error message when volumes quota exceeded 1402855 - [Azure] [SDN] - Network port names have long names 1402953 - [RFE] Call automate event 'request_created' for OpenStack instance 'Reconfigure this instance' 1403184 - "uninitialized constant MiqException::MiqVolumeBackupCreateError" when creating backup for cloud volume 1403784 - [RFE] Separate Volumes list and Volume Backup list 1404346 - [Scale] Full refresh taking a lot of time for RHV provider 1404357 - Targeted refresh enhacements for VM import\rename\migration events. 1405369 - Satellite 6 provider can be added without https prefix but reprovisioning fails with 301 Permanently Moved without it 1408274 - [scale] - reduce the amount of API objects to single object. 1410183 - [RFE] Add Serial Number information in reports for RHV host hardware report 1411300 - [RFE] OVN switch visualization and control within ManageIQ 1411515 - [RFE] Ability to control which custom buttons / button groups get displayed on Instances/VMs 1415764 - [RFE] Cloud Network summary should display ems_ref 1416510 - [RFE] Report on Container Project Quota 1416903 - power operations using REST API on parent service has no effect 1417021 - [RFE] Cannot use AWS CloudFormation YAML Template 1417313 - Schema missing warnings in logs 1417320 - invalid href in response from custom attributes edit action 1418338 - inconsistency in actions available for resource when accessed through different collections 1419872 - Creating second snapshot for suspended VM throws error in evm.log 1420872 - entities under /api/notifications collection are missing "delete" action with "DELETE" method 1421878 - API request is not returning expected result for LDAP user 1422206 - [RFE] Hiding /masking environment variables in container explorer 1422422 - [RFE] Allow for retirement based on date and time or delay 1422580 - [RFE] Retirement should support date and time selection 1422596 - entities under provider custom_attributes don't have "delete" action with "DELETE" method listed 1422671 - Seeding timeout when creating region in external database 1424794 - [RFE] add help Icon to Service Dialog Element to show description information 1424797 - [RFE] Help Menu are not customisable 1424804 - [RFE] In Service Dialog, Element Validation should run just after user enter Input and not when clicking submit button 1424808 - [RFE] In Service Dialog, Elements should remain Red until validation is met and then turn green 1424842 - Setting report menus via the API breaks report menus 1425153 - [RFE] - refuse to create the database on the same drive as the OS is installed onto 1427484 - Add 'X' option to enable closing the Notification window by it. 1427488 - On add new Provider/Host, the "Confirm Password" field is not actually required. 1428284 - [RFE] VMware VM Add Disk be able to specify controller type 1428438 - Removing Instances from the last page causes UI glitches 1428942 - [RFE] New Help Screen cannot be hidden/unhidden 1429014 - [RFE] Rename confusing button option 1429382 - remove Amazon provider discovery as an option 1430701 - Failure to fetch v2_key prevents relaunching appliance_console 1431370 - [RFE] Ability to select OpenStack External external network during the instance provisioning 1431815 - appliance_console_cli allows configuration that is not supported 1432578 - status 500 internal server error when invalid security group in provision request 1435773 - entities under /api/policies collection are missing "delete" action with "DELETE" method 1436846 - Unable to apply tag to Ansible Tower Providers 1437138 - containers: cannot edit a containers provider without hawkular 1437201 - attributes selection in query ignored for some collections 1437549 - containers: objects from previous providers remain in setup after provider delete 1437587 - False negative: Unable to reconfigure Instance "xxx": When resizing, instances must change flavor! 1439345 - appliance_console will not open if no network attached 1439882 - When attempting to configure internal database after running 'Configure Database Replication' error message says to chose none existent option 1440436 - Tag information not displayed on Switch summary page 1441144 - UI: "Refresh Relationships and Power states" on RHOS provider throws error in evm.log 1441319 - [SCVMM] Error during provision to CSVFS storage 1441637 - Tag Visibility | All cloud key pairs is visible for restricted user 1441721 - ERROR in the log when authentication session expires while catching RHV events 1442087 - REST API for service_requests/:id/tasks returning Tasks not seemingly associated with the defined service_task 1442765 - UI: Unable to create cloud volume 1442791 - get_user_object does not exist error durring authentication process for setup that does not pull groups from ldap 1443190 - Support operation `create` on CloudObjectStoreContainer 1443740 - Simplify Container and Container Definition Models 1445702 - Unable to generate report for middleware servers 1445735 - Add provider: No validation for non 'default' tab on init 1446585 - CFME servers not deleting from Web UI 1446801 - Set ownership on templates show error in logs 1447064 - Auth - External Auth - FreeIPA - User can still log in if their group is removed from LDAP server and they've logged in before 1447639 - Bad wording in error message when connections prevent db restore 1448139 - cfme-appliance requires telnet/vim 1448323 - [RFE] Add detailed error reporting when SmartState Analysis is failing 1448601 - Ansible - Repo - Property Page - No Page Refresh button 1448811 - Container FailedSync events no longer supported but still present in UI 1448827 - Unable to create incremental backup of cloud volume for attached volume 1448971 - Service Dialog Check Box Required Field Cannot be Unchecked if previously set 1450185 - Removed Job screens shown as available Features on role configuration screen 1450249 - [RFE] Out of the box OpenSCAP Images Report 1450839 - Restricted user can see vm/instance from different groups which have tags from users group 1451052 - [RFE] Self_Service UI does not utilize custom image in top right corner 1451132 - Missing % sign on CPU Utilization page for cloud instances and Availability zones 1451163 - Appliance console label capitalization corrections - NFS and SMB 1451266 - Rbac | Tag: Inconsistency in group/tag restriction for 'group or user owned' roles 1451577 - [RFE] Targeted refresh for Templates events 1452391 - [RFE] Last Refresh Include Time Stamp 1452799 - [RFE] Create Chargeback report based on Pods limits allocation of CPU and Memory 1455955 - web service and UI worker enabled, connection made to RHV-M API 1456406 - credential validation request performed by default zone rather than selected zone. 1458427 - [RFE] Display the MAC address of the machine in the VM/instance page summary 1458713 - [RFE][RHV] Host refresh enhancement 1459189 - [RFE] Allow to specify per Provider the location of OpenSCAP CVEs and Image-Inspector image 1459496 - labels next to checkboxes on Control Policies->Event Assignment page aren't clickable 1459555 - [RFE] Allow to specify Location of OpenScap file and Image-Inspector for all OpenShift providers 1461560 - Provisioning to RHV 4.1 Max Memory Size Needs to be Adjusted as Necesary 1461618 - [RFE] Dashboard at Project Level 1461872 - [RFE] CloudForms can receive Alert from Prometheus in OpenShift 1461939 - Unable to retrieve list of services 1461943 - [RFE] Alerts generated by Prometheus should be visible in an Alert UI in CloudForms 1461944 - [RFE] In Alert Management UI, it is possible to assign Alert to someone and Add Note 1461970 - [RFE] When adding OpenShift Provider, allow detection of Metrics endpoints 1462032 - appliance_console asks for database password twice when connecting to remote database 1462835 - [RFE][TD] Provide per-provider instance advanced settings 1464529 - the name of amazon providers aren't synced with the name of their network manager 1464924 - [RFE] Expose the provider disable option in the UI 1465395 - Frequent restarts for CinderManager::EventCatcher worker when doing refreshes with OpenStack Provider 1466172 - [RFE] add graph refresh support for RHV full refresh 1466340 - [RFE] Dialog System needs to be cleaned up and moved to ui-components 1466397 - Error message leaking JSON header while adding key pairs 1466417 - Can't Provision Vm via V3 (using ovirt gem) 1466514 - Auth - MIQLDAP External Auth - SSUI web interface hangs when switching to group that doesn't have SSUI permissions 1467692 - credentials not required when adding provider using the REST API 1468634 - Incorrect Max CPU and Memory usage values displayed 1469364 - [VM Provision] - Destination 'Cluster' should be required in order to submit VM provision 1470260 - Asc sort order for filtered tags returns error 1470357 - RFE : Add ManageIQ.qe.anythingInFlight() method to SUI javascript 1470491 - Service provision on Azure fails when managed image is used. 1470868 - [RFE] Timestamp shown for "Retiring soon" filter should be simplified 1471083 - Sorting is not working under Saved Reports Tab 1471146 - Unexpected error encountered while provider editing 1473379 - Storage profiles causing refresh to exceed 30+ minutes 1474094 - [RFE] Image list view should have also: number of containers and Last Image Scan date 1476666 - Error message shows Header info 1476705 - [RFE] Provisioned VM via cinder volume 1478802 - 'ManageIQ' showed in CFME Cloud Tenant Report 1479667 - Azure Cloud Network cfmeautopay shows higher instances number 1479859 - yum update from cloudforms 4.5.0 to 4.5.1 creates v2_key 1480281 - [RFE] href not returned when ordering service from the service_templates subcollection 1480814 - Rendering issues for graph in 'Optimize > Planning' 1481547 - [RFE] Missing the ability to set custom attributes on services via api 1483636 - [RFE] - VMware MANUAL Placement to Support ONLY Clusters 1483973 - Services order request failure is not reflected in the Self Service UI 1484024 - - [RFE] - VMware MANUAL Placement to Support ONLY Folders 1484770 - [RFE] Containers Providers should have a quadicon similar to cloud and infra providers 1485310 - href_slug attribute pointing to wrong collection 1485424 - Invalid "href" value in "versions" when API version is specified 1486041 - Unable to login to new user account when it contains one or more uppercase character(s) 1486224 - SUI fails to change group 1486264 - Openstack: undefined method `tenant_mapping_enabled=' for nil:NilClass 1486656 - "Error:no implicit conversion of nil into Array" on GCE provider refresh 1486797 - [RFE] Graph Refresh supported for OpenStack 1487089 - [RFE] OpenStack Provisioning support create Volume from Image and Image Snapshot 1487098 - [RFE] Support Security Group CRUD in OpenStack 1487103 - [RFE] Add/Remove Security Group to OpenStack Instance 1487112 - [RFE] Flavor CRUD for OpenStack 1487124 - [RFE] Multi-select Instance support in Openstack for Evacuation and Migration 1487135 - [RFE] User and OpenStack Tenant relationship maintained with EMS Refresh 1487212 - [RFE] OpenStack Task should use Notification 1487222 - [RFE] Support OSP12 Undercloud 1487433 - Storage Chargeback rates have 'Storag' instead of 'Storage' in Description 1487749 - MiqEvent or EVM Event always has current VM owner as user, not UI user of event initiator 1488004 - [RFE] Searching technique for the "values" drop down box 1488072 - [RFE] Reconnect container images when seen again 1488135 - [RFE] [AWS][SDN] - No Network routers loaded from provider 1488395 - Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]=' 1489556 - v2_key has world readable (others) permissions of 0644 1489664 - [RFE] Create OpenStack flavor 1489908 - format conversion issues wiht openstack HOT heat templates for lists and hashes 1490091 - use RHV v4 api by default 1490103 - Unable to perform vm operation via button on self-service portal 1490639 - Automate Script Fails in Service UI with VM Record Not Found 1492268 - [PRD][RFE]Ansible Modules - Service Linking 1492269 - [PRD][RFE]Playbooks StateMachine Method Type 1492273 - [PRD][RFE]Ansible Custom Button - overlay with simpler UI Req 1492275 - [PRD][RFE]Dynamic Fields from VMDB 1492888 - Update the Insights UI to bring in new elements 1493785 - cannot create Service Orders with multiple service requests 1493996 - [RFE ] OpenStack: Handle dialog fields when provisioning using Heat Orchestration. 1494212 - [RFE] Description field in Dynamic Dialog Element cannot be updated from Automate Method 1494340 - Unexpected error while editing policy of Cloud Subnets 1494344 - Unexpected error encountering in Cloud Object Store Containers of cloud tenant 1494442 - symbol conversion error while detaching disks from an openstack instance 1495192 - [PRD][RFE] Backup & Restore 1496052 - [ALL_LANG] Compute - Containers - Topology page has untranslated warning message 1496233 - [RFE] Disable toast notifications by role in SUI 1496246 - Image URL is incorrect for Embedded Ansible Worker 1496407 - [ALL_LANG] Automation - Ansible : Configuration menu items not localized 1496749 - Custom Button set on Providers does not show up in OpenShift Providers. 1496848 - Access to RHV using the oVirt SDK may crash the events worker 1496979 - Check for UPN userid when "Get User Groups from External Authentication (httpd)" is not checkd 1497107 - [ALL_LANG] Storage - Block Storage - Volumes : Configuration menu item is untranslated 1497159 - [ALL_LANG] Storage - Object Storage - Object store containers : untranslated Configuration menu items 1497663 - [RFE] Allow grouping by Docker Label in Reporting 1497686 - [PRD] [RFE] Generic Object Support - Full CRUD 1497689 - [PRD] [RFE] Generic Object Support - REST API Support 1497692 - [PRD] [RFE] Generic Object Support - UI support tagging 1497703 - [PRD] [RFE] Generic Object Support - View Generic Objects on Ops UI service details 1497705 - [RFE] Generic Object Support - View Generic Objects on Service UI service details 1497728 - [RFE] Add new Service UI specific RBAC controls 1497732 - [RFE] Add RBAC to "App Launcher" 1497733 - [RFE] Rework Resource Details Level page per the new UX design 1497783 - [PRD] [RFE] Generic Object Support - Expose custom buttons backend 1497784 - [PRD] [RFE] Generic Object Support - Expose custom buttons via REST API 1497791 - [PRD] [RFE] Generic Object Support - Backend changes, service, report exclusion 1497947 - [RFE] Metrics: Number of hours should be available in Reporting including Chargeback 1500073 - RFE REST API - List all Container Nodes of all Container Providers 1500199 - Custom button with dialog in Cloud Tenant crashes 1500603 - [RFE] As an admin, I want to add user in multiple Groups without using external authentication 1500922 - [RFE][PRD] Support OpenShift Template in Catalog of Services 1500925 - [RFE][PRD] Allow closing Notification by just clicking on a aclose icon (x)a 1500929 - [RFE] New Service Dialog Editor re-design with Drag & Drop 1500956 - [RFE][PRD] Explore Allow Copy of highlighted text in Automate Without going into edit mode 1501260 - ipv6 DNS not accepted when setting static ipv4 address 1501333 - RBAC: Tag expression | Get Error filtering vm/instances 1502290 - [RFE] [PRD] Convert existing PF based and main dashboard widgets to Angular/API 1502299 - [RFE][PRD] Add severity setting to Alert editor 1502301 - [RFE] As an Admin, I want to be able to disable "Help Menu" in Self Service UI 1502304 - [RFE] Show buttons only if certain condition exists (Button Filtering) 1502307 - [RFE][PRD] Allow modifying dialog inputs when existing Order/Request is duplicated 1502310 - [RFE][PRD] Enable the submit button only when all validations in the dialog are ok 1502314 - [RFE][PRD] Show field that does not match expected pattern in red while typing 1502315 - [RFE][PRD] Add help button for every element with mouse hover support 1502316 - [RFE][PRD] Add the ability to search in drop down list in Service Dialog 1502318 - [RFE][PRD] Show all my snapshots in timeline view on the Snapshot Level Page 1502319 - [RFE][PRD] Add the ability to take a snapshot from Service Level and Resource Details Level 1502683 - Optimize API calls on My Services and VM details page 1502963 - RHV41 Provider Discovery failure 1503237 - labels next to new radio buttons cannot be clicked 1505110 - [RFE] New Type Report Based Metering 1506069 - [RFE] [PRD] Convert existing Provider PF based and main dashboard to Angular/API 1506463 - Graph refresh fails when targeting a vm. 1506816 - [RFE] Add Metering Used Hours to chargeback report for containers 1507414 - [RFE] support async requests for full refresh 1507574 - Azure instance retirement is broken 1507634 - [RFE] Orchestration Template refactoring and enhancement 1510066 - appliance_console loses currently configured secondary DNS when configuring network 1510134 - No flash message after a chargeback rate is updated 1511078 - Flash message should be shown instead of error dialogue box 1511105 - inconsistent response when deleting nonexistent authentication using API 1511151 - [RFE] VM Networks incorrectly discovered in SCVMM provider 1511521 - Title contains compressed string on Container Image Control Policy page 1511524 - Moving widgets to the bottom of a column fails 1511978 - Used disk space is 0% when value is not available from the Provider 1513482 - [RFE] Collect Persistent Volume Claim's requests and limits 1513489 - Auth SSUI - Self-service UI doesn't time out when session timeout is reached 1513625 - Setting custom ip while adding Floating IP has no effect 1514006 - [RFE] add an "admin portal" button for RHV provider 4.1.8 and above 1514116 - Maintenance tag should be shown in Host table during provision 1514141 - [PRD] [RFE] Generic Object Support - Expos custom buttons - Ops UI 1514154 - [PRD] [RFE] Generic Object Support - Assign custom buttons 1514525 - We cannot backdate the schedule once you schedule it 1515438 - [RFE] Support standard structured image scan annotation 1515486 - Cloudforms: Openstack tenant quota information is unknown for many fields in cloudforms 1517396 - CVE-2017-15125 cloudforms: XSS in self-service UI snapshot feature 1517817 - Embedded Ansible role claims to be activated but ERROR in evm.log 1517947 - pods status is shown as "phase" in the cfme properties table 1517954 - Unable to use the same tenant name across multiple regions. 1517959 - NTP config file doesn't change after clearing the NTP servers settings 1518775 - SmartStateAnalysis on template throws "Error: [undefined method `each' for #]" in evm.log 1518872 - Configuration management provider without validation 1519473 - VMs on SCVMM report cores per socket and number of sockets incorrectly 1519984 - In CF 4.5 , custom report is not able to be shown in "Available Reports" option in "Edit Report Menus" 1520488 - [RFE] Implement Inventory Graph Refresh for OpenShift to improve collection performance 1520491 - [RFE][TD] Create and use Prometheus Alert Buffer Ruby client 1520500 - [OSP] - Unable to remove cloud tenant (keystone V3) 1520552 - [RFE][PRD] As an Admin, I want to set custom buttons at any Object levels in providers for single and list view 1520617 - fog auth errors when openstack project is disabled in provider side 1522846 - Service names starting with 'VM-' can cause report generation failures with "`load_missing_constant': Unable to autoload constant VM" 1524611 - Please expose generic objects to the services service model 1524626 - Fix precision and reliability of metrics collection for OpenShift 1526047 - Access control roles not modifying correctly. 1526085 - Services->My Services page has missing translations for some entries 1526089 - [ALL_LANG] Compute - Clouds - Providers - Provider page has untranslated entries 1526090 - [ALL_LANG] Storage - Block Storage - Managers page has untranslated entries 1526118 - Stored C&U "CPU (Mhz)" values for RHV VMs are incorrect (too high) by a factor of two 1526582 - Tag names on Topology page contain full path 1526586 - [RFE] Remove Alerts Severity when creating Alerts 1527108 - [RFE] Embedded Ansible Playbooks Unable to be Tagged 1527576 - [RFE] As an admin & User, I want to search across all services in My Services with basic and Advanced search 1527578 - Tooltip on retire button blocks the click of options 1527625 - Problem enabling SSL connections to CF database node 1527663 - cpu_usagemhz_rate_average is 0 for RHV 4 VMs 1527665 - Cannot install CloudForms in a 3TB disk 1530645 - openshift provider add/edit error should show or log full provider response 1530674 - Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone 1530713 - vim_performance_tag_values table growing too much 1530734 - [RFE] CloudForms can collect Metrics from Prometheus in OpenShift 1530736 - [RFE][TD] Create and use Prometheus Metrics Ruby client 1530739 - An IPv6 address for a RHV VM's NIC is incorrectly stored as an ipaddress attribute rather than ipv6address attribute 1530794 - Edit Tag Page : Check box is present near quadicon 1530820 - Name has Already been taken error when editing zone in Global Region 1531303 - ae_max_retries does not show the correct value after one retry if called through multiple relations each limited by different max retries counts 1531304 - [RFE] Reconfigure for Cloud Vm should get auto-approved. 1531312 - Policy button missing on switch detail page 1531602 - CloudForms: Unable to perform "Exit Maintenance Mode" task of VMware host 1531605 - [ALL_LANG] Storage - Block Storage : Snapshots and Backups pages have untranslated entries 1532354 - Tag | 'Reset' button doesn't work for tag page opened from service item detail page 1532355 - Tag | Service Item: Part of tag edit page is missing after click on 'Reset' button 1532646 - VPC tags are not honored in Infra provisioning and Service Catalog Item creation 1533219 - Control->Explorer is visible for evmgroup-security role 1533499 - [RHEV provider][vm provision] Specifying vnic profile on virtual nic instead of network. 1534753 - SSA: Datastores: Get SmartState Analysis for 1 storages complete (1 in Error) for some datastores types 1535059 - when I turn ON notifier, spamming my inbox with email notifications for past notifications 1535062 - While adding subnet through normal user admin tenant is visible 1536046 - Service Catalog Item custom images does not replicate to global region 1536101 - Container Nodes should be archived instead of being deleted 1537131 - Miq Server leaks memory and we fail to detect and remediate it 1537135 - [RFE] Container Roles must contain New Monitoring features 1537303 - [RFE] Update vSphere OVA settings (SCSI controller, NIC adaptor and hardware version) 1537790 - Event AWS_API_CALL_TerminateInstances on EC2 in wrong timeline category 1539074 - [RFE][RADAR] New Metering Calculation for Middleware Products running on OpenShift 1539124 - Unexpected behavior when importing datastore with 2 domains from Git 1541175 - Tag assignment: 'Reset' button doesn't work for vms, templates 6. Package List: CloudForms Management Engine 5.9: Source: ansible-2.4.3.0-1.el7ae.src.rpm ansible-tower-3.1.5-3.el7at.src.rpm bubblewrap-0.1.7-1.el7.src.rpm cfme-5.9.0.22-1.el7cf.src.rpm cfme-amazon-smartstate-5.9.0.22-1.el7cf.src.rpm cfme-appliance-5.9.0.22-1.el7cf.src.rpm cfme-gemset-5.9.0.22-1.el7cf.src.rpm dbus-api-service-1.0.1-2.el7cf.src.rpm dumb-init-1.2.0-1.el7.src.rpm erlang-19.0.4-1.el7at.src.rpm freeipmi-1.5.1-2.el7cf.src.rpm google-compute-engine-2.0.0-1.el7cf.src.rpm google-config-2.0.0-1.el7cf.src.rpm httpd-configmap-generator-0.2.1-1.el7cf.src.rpm nginx-1.10.2-1.el7at.src.rpm postgresql94-9.4.15-3PGDG.el7at.src.rpm prince-9.0r2-10.el7cf.src.rpm python-crypto-2.6.1-16.el7at.src.rpm python-jmespath-0.9.0-4.el7ae.src.rpm python-meld3-0.6.10-1.el7.src.rpm python-paramiko-2.1.1-2.el7ae.src.rpm qpid-proton-0.19.0-1.el7cf.src.rpm rabbitmq-server-3.6.9-1.el7at.src.rpm rh-postgresql95-postgresql-pglogical-2.1.0-2.el7cf.src.rpm rh-postgresql95-repmgr-3.1.3-2.el7cf.src.rpm rh-ruby23-rubygem-bcrypt-3.1.11-1.el7cf.src.rpm rh-ruby23-rubygem-ffi-1.9.18-1.el7cf.src.rpm rh-ruby23-rubygem-hamlit-2.7.5-1.el7cf.src.rpm rh-ruby23-rubygem-http_parser.rb-0.6.0-1.el7cf.src.rpm rh-ruby23-rubygem-json-2.0.4-1.el7cf.src.rpm rh-ruby23-rubygem-linux_block_device-0.2.1-1.el7cf.src.rpm rh-ruby23-rubygem-memory_buffer-0.1.0-2.el7cf.src.rpm rh-ruby23-rubygem-nio4r-2.1.0-1.el7cf.src.rpm rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.src.rpm rh-ruby23-rubygem-ovirt-engine-sdk4-4.2.1-1.el7cf.src.rpm rh-ruby23-rubygem-pg-0.18.4-1.el7cf.src.rpm rh-ruby23-rubygem-puma-3.7.1-1.el7cf.src.rpm rh-ruby23-rubygem-qpid_proton-0.19.0-1.el7cf.src.rpm rh-ruby23-rubygem-redhat_access_cfme-2.0.2-2.el7cf.src.rpm rh-ruby23-rubygem-redhat_access_lib-1.1.4-1.el7cf.src.rpm rh-ruby23-rubygem-rugged-0.25.1.1-1.el7cf.src.rpm rh-ruby23-rubygem-sqlite3-1.3.13-1.el7cf.src.rpm rh-ruby23-rubygem-unf_ext-0.0.7.4-1.el7cf.src.rpm rh-ruby23-rubygem-websocket-driver-0.6.5-1.el7cf.src.rpm smem-1.4-1.el7cf.src.rpm supervisor-3.1.4-1.el7.src.rpm wmi-1.3.14-7.el7cf.src.rpm noarch: ansible-2.4.3.0-1.el7ae.noarch.rpm ansible-doc-2.4.3.0-1.el7ae.noarch.rpm google-compute-engine-2.0.0-1.el7cf.noarch.rpm nginx-all-modules-1.10.2-1.el7at.noarch.rpm nginx-filesystem-1.10.2-1.el7at.noarch.rpm python-paramiko-2.1.1-2.el7ae.noarch.rpm python-paramiko-doc-2.1.1-2.el7ae.noarch.rpm python-qpid-proton-docs-0.19.0-1.el7cf.noarch.rpm python2-jmespath-0.9.0-4.el7ae.noarch.rpm qpid-proton-c-docs-0.19.0-1.el7cf.noarch.rpm qpid-proton-cpp-docs-0.19.0-1.el7cf.noarch.rpm rabbitmq-server-3.6.9-1.el7at.noarch.rpm rh-ruby23-rubygem-bcrypt-doc-3.1.11-1.el7cf.noarch.rpm rh-ruby23-rubygem-ffi-doc-1.9.18-1.el7cf.noarch.rpm rh-ruby23-rubygem-hamlit-doc-2.7.5-1.el7cf.noarch.rpm rh-ruby23-rubygem-http_parser.rb-doc-0.6.0-1.el7cf.noarch.rpm rh-ruby23-rubygem-linux_block_device-doc-0.2.1-1.el7cf.noarch.rpm rh-ruby23-rubygem-memory_buffer-doc-0.1.0-2.el7cf.noarch.rpm rh-ruby23-rubygem-nio4r-doc-2.1.0-1.el7cf.noarch.rpm rh-ruby23-rubygem-ovirt-engine-sdk4-doc-4.2.1-1.el7cf.noarch.rpm rh-ruby23-rubygem-pg-doc-0.18.4-1.el7cf.noarch.rpm rh-ruby23-rubygem-puma-doc-3.7.1-1.el7cf.noarch.rpm rh-ruby23-rubygem-qpid_proton-doc-0.19.0-1.el7cf.noarch.rpm rh-ruby23-rubygem-redhat_access_cfme-2.0.2-2.el7cf.noarch.rpm rh-ruby23-rubygem-redhat_access_cfme-doc-2.0.2-2.el7cf.noarch.rpm rh-ruby23-rubygem-redhat_access_lib-1.1.4-1.el7cf.noarch.rpm rh-ruby23-rubygem-rugged-doc-0.25.1.1-1.el7cf.noarch.rpm rh-ruby23-rubygem-sqlite3-doc-1.3.13-1.el7cf.noarch.rpm rh-ruby23-rubygem-unf_ext-doc-0.0.7.4-1.el7cf.noarch.rpm rh-ruby23-rubygem-websocket-driver-doc-0.6.5-1.el7cf.noarch.rpm smem-1.4-1.el7cf.noarch.rpm supervisor-3.1.4-1.el7.noarch.rpm x86_64: ansible-tower-3.1.5-3.el7at.x86_64.rpm ansible-tower-server-3.1.5-3.el7at.x86_64.rpm ansible-tower-setup-3.1.5-3.el7at.x86_64.rpm ansible-tower-ui-3.1.5-3.el7at.x86_64.rpm bubblewrap-0.1.7-1.el7.x86_64.rpm bubblewrap-debuginfo-0.1.7-1.el7.x86_64.rpm cfme-5.9.0.22-1.el7cf.x86_64.rpm cfme-amazon-smartstate-5.9.0.22-1.el7cf.x86_64.rpm cfme-appliance-5.9.0.22-1.el7cf.x86_64.rpm cfme-appliance-common-5.9.0.22-1.el7cf.x86_64.rpm cfme-appliance-debuginfo-5.9.0.22-1.el7cf.x86_64.rpm cfme-appliance-tools-5.9.0.22-1.el7cf.x86_64.rpm cfme-debuginfo-5.9.0.22-1.el7cf.x86_64.rpm cfme-gemset-5.9.0.22-1.el7cf.x86_64.rpm cfme-gemset-debuginfo-5.9.0.22-1.el7cf.x86_64.rpm dbus-api-service-1.0.1-2.el7cf.x86_64.rpm dumb-init-1.2.0-1.el7.x86_64.rpm dumb-init-debuginfo-1.2.0-1.el7.x86_64.rpm erlang-19.0.4-1.el7at.x86_64.rpm erlang-debuginfo-19.0.4-1.el7at.x86_64.rpm freeipmi-1.5.1-2.el7cf.x86_64.rpm freeipmi-bmc-watchdog-1.5.1-2.el7cf.x86_64.rpm freeipmi-debuginfo-1.5.1-2.el7cf.x86_64.rpm freeipmi-devel-1.5.1-2.el7cf.x86_64.rpm freeipmi-ipmidetectd-1.5.1-2.el7cf.x86_64.rpm freeipmi-ipmiseld-1.5.1-2.el7cf.x86_64.rpm google-config-2.0.0-1.el7cf.x86_64.rpm httpd-configmap-generator-0.2.1-1.el7cf.x86_64.rpm nginx-1.10.2-1.el7at.x86_64.rpm nginx-debuginfo-1.10.2-1.el7at.x86_64.rpm nginx-mod-http-geoip-1.10.2-1.el7at.x86_64.rpm nginx-mod-http-image-filter-1.10.2-1.el7at.x86_64.rpm nginx-mod-http-perl-1.10.2-1.el7at.x86_64.rpm nginx-mod-http-xslt-filter-1.10.2-1.el7at.x86_64.rpm nginx-mod-mail-1.10.2-1.el7at.x86_64.rpm nginx-mod-stream-1.10.2-1.el7at.x86_64.rpm postgresql94-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-contrib-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-debuginfo-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-devel-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-docs-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-libs-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-plperl-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-plpython-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-pltcl-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-server-9.4.15-3PGDG.el7at.x86_64.rpm postgresql94-test-9.4.15-3PGDG.el7at.x86_64.rpm prince-9.0r2-10.el7cf.x86_64.rpm python-crypto-debuginfo-2.6.1-16.el7at.x86_64.rpm python-meld3-0.6.10-1.el7.x86_64.rpm python-meld3-debuginfo-0.6.10-1.el7.x86_64.rpm python-qpid-proton-0.19.0-1.el7cf.x86_64.rpm python2-crypto-2.6.1-16.el7at.x86_64.rpm qpid-proton-c-0.19.0-1.el7cf.x86_64.rpm qpid-proton-c-devel-0.19.0-1.el7cf.x86_64.rpm qpid-proton-cpp-0.19.0-1.el7cf.x86_64.rpm qpid-proton-cpp-devel-0.19.0-1.el7cf.x86_64.rpm qpid-proton-debuginfo-0.19.0-1.el7cf.x86_64.rpm rh-postgresql95-postgresql-pglogical-2.1.0-2.el7cf.x86_64.rpm rh-postgresql95-postgresql-pglogical-debuginfo-2.1.0-2.el7cf.x86_64.rpm rh-postgresql95-repmgr-3.1.3-2.el7cf.x86_64.rpm rh-postgresql95-repmgr-debuginfo-3.1.3-2.el7cf.x86_64.rpm rh-ruby23-rubygem-bcrypt-3.1.11-1.el7cf.x86_64.rpm rh-ruby23-rubygem-bcrypt-debuginfo-3.1.11-1.el7cf.x86_64.rpm rh-ruby23-rubygem-ffi-1.9.18-1.el7cf.x86_64.rpm rh-ruby23-rubygem-ffi-debuginfo-1.9.18-1.el7cf.x86_64.rpm rh-ruby23-rubygem-hamlit-2.7.5-1.el7cf.x86_64.rpm rh-ruby23-rubygem-hamlit-debuginfo-2.7.5-1.el7cf.x86_64.rpm rh-ruby23-rubygem-http_parser.rb-0.6.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-json-2.0.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-json-debuginfo-2.0.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-json-doc-2.0.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-linux_block_device-0.2.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-linux_block_device-debuginfo-0.2.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-memory_buffer-0.1.0-2.el7cf.x86_64.rpm rh-ruby23-rubygem-memory_buffer-debuginfo-0.1.0-2.el7cf.x86_64.rpm rh-ruby23-rubygem-nio4r-2.1.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-nio4r-debuginfo-2.1.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.x86_64.rpm rh-ruby23-rubygem-nokogiri-debuginfo-1.8.1-2.el7cf.x86_64.rpm rh-ruby23-rubygem-nokogiri-doc-1.8.1-2.el7cf.x86_64.rpm rh-ruby23-rubygem-ovirt-engine-sdk4-4.2.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-ovirt-engine-sdk4-debuginfo-4.2.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-pg-0.18.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-pg-debuginfo-0.18.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-puma-3.7.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-puma-debuginfo-3.7.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-qpid_proton-0.19.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-qpid_proton-debuginfo-0.19.0-1.el7cf.x86_64.rpm rh-ruby23-rubygem-rugged-0.25.1.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-rugged-debuginfo-0.25.1.1-1.el7cf.x86_64.rpm rh-ruby23-rubygem-sqlite3-1.3.13-1.el7cf.x86_64.rpm rh-ruby23-rubygem-sqlite3-debuginfo-1.3.13-1.el7cf.x86_64.rpm rh-ruby23-rubygem-unf_ext-0.0.7.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-unf_ext-debuginfo-0.0.7.4-1.el7cf.x86_64.rpm rh-ruby23-rubygem-websocket-driver-0.6.5-1.el7cf.x86_64.rpm rh-ruby23-rubygem-websocket-driver-debuginfo-0.6.5-1.el7cf.x86_64.rpm wmi-1.3.14-7.el7cf.x86_64.rpm wmi-debuginfo-1.3.14-7.el7cf.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-15125 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFal/utXlSAg2UNWIIRApBmAJ9VN2/6zz0vaiQWmHKEIfraEkxS+ACeP+v4 oBAo9kFVddHc+hjxzU9Bbhc= =QM9l -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce