Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.3078 Moderate: CFME 5.5.0 bug fixes and enhancement update 10 December 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: CFME Publisher: Red Hat Operating System: Red Hat Impact/Access: Increased Privileges -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-7502 Original Bulletin: https://access.redhat.com/errata/RHSA-2015:2551 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: CFME 5.5.0 bug fixes and enhancement update Advisory ID: RHSA-2015:2551-01 Product: Red Hat CloudForms Advisory URL: https://access.redhat.com/errata/RHSA-2015:2551 Issue date: 2015-12-08 CVE Names: CVE-2015-7502 ===================================================================== 1. Summary: Updated cfme packages that fix a security issue, several bugs, and add various enhancements are now available for Red Hat CloudForms 4.0. Red Hat Product Security has rated this update as having Moderate Security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: CloudForms Management Engine 5.5 - noarch, x86_64 3. Description: Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information. (CVE-2015-7502) This update also fixes several bugs. Documentation for these changes is available in the Release Notes linked to in the References section. All CFME users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1174458 - Trusted Forest bind_pwd is logged in clear text 1174858 - suspended vms on rhevm show 'unknown' 1176631 - Error:" undefined method `description' for nil:NilClass [chargeback/x_button] " in chargeback storage rates 1178213 - Pressing Cancel button on Service Dialog Edit screen displays incorrect flash Message 1181413 - Wrong flash message displayed on save retirement date for a service 1182360 - Disable next and last pagination buttons when all the report data is on a single page 1183092 - [RFE] Control-alt-delete.override update did not overwrite, delete, or change files 1187777 - RBAC: Group context switching affecting provisioning best-fit placement, quota and group ownership 1189157 - RHOS Unable to provision an openstack instance in a non-admin tenant with only a shared network 1193652 - Report based on EVM Groups is not displaying correct tags 1194668 - Buttons on "Add New Host" page disappears after changing form back default values 1195401 - Breadcrumb navigation error while navigating users 1197083 - Validate button in credentials displayed twice 1197841 - [RFE] SmartState Analysis should collect installed date for RPMs 1200137 - SCVMM VM power function failing with error 1202571 - Incorrect flash message after schedule edit is cancelled 1202781 - Change in Server name does not reflect in settings accordion 1202895 - Error with Smart State Analysis on RHEV VM on NFS 1204496 - C&U Performance data ends by 0 1205402 - Paginator has infinite pages 1205498 - Incorrect info bar label on chargeback rates page 1206029 - User role selection is not honored if I uncheck "Everything" in WebUI. 1208373 - 503 error in CFME when connecting RHELOSP with no Swift service 1209740 - Hand pointer on "Number of disks" detail page of a VM. 1210657 - SCVMM - VM CPU Count shows 0 in UI 1211665 - Clicking fleeced "Init processes" on an image summary screen triggers an error. 1211730 - [RFE] Add cloud-init package to the appliance 1212155 - Remove Add,cancel button from control action search result page 1212204 - Automate - Add Services Quota StateMachine to RedHat domain 1212274 - UI : Status of inactive schedule not displayed 1212470 - DateTime control returns the wrong date/time if the chosen date/time is in less that 1h 1212685 - Unhandled Exception Database settings page 1214405 - Foreman UI - configuration manager and configured system search is shared 1215599 - Tool tip of Redo button should be replaced from "Redo the next change" to "Redo the previous change" in the Scope/Condition editor of Control Policy 1215990 - [RFE] Allow the on_entry and on_error methods of a state machine to be able to advance (bump) state to allow processing to continue 1216889 - VM not getting auto power on after provisioning from CFME 3.1 if memory size is more than 4GB 1217002 - "Error during 'Policy Import': undefined method `collect' for "test 'as da ad":String" in control Import/Export 1217097 - VM Retirement Backward Compatibility Information 1217222 - Warn VolMgrPlatformSupportLinux: $miqHostCfg not set 1217226 - SmartState analysis produces xml-related errors in evm.log 1217426 - RBAC: Missing foreman provider tab for operator,desktop,user_self_service and vm_user role 1217545 - Hostname field on new cloud provider page does not trim trailing whitespace 1217641 - database restore fails but doesn't log the error 1217916 - Refresh Power States Fails for OpenStack - No Cinder 1218604 - Foreman provisioning request lands the user on a page with list of requests but no submenu 1219005 - Openstack prov. request - undefined method `fetch_path' for nil:NilClass [miq_request/prov_field_changed] 1219730 - Auto Approve - Max CPU * company tag lists wrong values 1219950 - Dynamic drop down list does not accept first entry 1219998 - Timeout issues with fleecing on OpenStack 1221060 - Satellite 5 organization not displayed in the UI when set 1221386 - dialog values do not override vm_name 1221532 - SCVMM: "[RuntimeError]: Host not specified, unable to migrate VM Method:[rescue in execute]" on VM migrate 1221572 - <b> tag displayed when hovered on a datastore in C & U collection setting page 1221754 - Link to orchestration template is missing from orchestration stack summary page 1221760 - [RFE] Configuring CF to be able to search full tree in ldap 1221821 - UI: OPS/Diagnostics Server, Collect Logs edit form does not populate saved log depot settings 1222155 - RHEL OSP provider passes credentials but fails to refresh environment info 1222182 - no implicit conversion of Symbol into Integer [storage/perf_chart_chooser] while grouping datastore C&U charts by tag 1222183 - RoutingError (No route matches [GET] "/images/icons/new/vendor-foreman_provisioning.png" in production.log 1222479 - RBAC: Configuration accordion misrendered for users having access to configuration feature 1222497 - Openstack cloud provider refresh fails if there are no glance images loaded 1222591 - SSH access to appliance hosted on RHEV-m 3.4 fails with default root credentials 1222642 - RHOS: VM Fleecing throws " ERROR -- : Q-task_id([4bef2b1a-fd6e-11e4-9b8c-0050569674e2]) <Fog> excon.error #<Excon::Errors::NotFound: Expected([200, 203]) <=> Actual(404 Not Found)" 1222667 - Login page Title does not display appropriately 1222674 - RedHat Domain - Service Quota error for heat stacks. 1222920 - Display flash message if "Add a schedule" in cancelled by the user when creating first schedule 1223016 - [RFE] Provide VHD Image for Microsoft SCVMM support 1223114 - Running Database garbage collection from the UI gives error 1223348 - Unhandled Exception when switching provisioning types 1223368 - Simulation doesn't clear object when reselecting none 1223459 - UI: Configure/My Settings/Default Views is missing a "Configuration Management" item in the Infrastructure section 1223536 - CF ems refresh doesn't find all instances in OSP !>1000 1223567 - Font mixed up on Right size recommendation page for VMs 1223911 - Service : clicking on request with orphaned template shows error 1223976 - Not capturing events properly from RHOS (RabbitMQ) 1224207 - UI: Configure/My Settings/Default Views is missing a "Tenants" item in the clouds section 1224228 - Using OpenStack non-admin user to add an OpenStack provider, doesn't show OpenStack networks 1224425 - Flash message displayed twice after resetting changes while editing compute,storage rates 1224914 - Redhat Satellite Providers configured system shows count as n,but displays n-1. 1224947 - undefined method `paged_view_search' for nil:NilClass [provider_foreman/download_data] in RedHat satellite provider download links 1224959 - Replace term "Foreman" with "Red Hat Satellite" in Provider refresh flash message 1225026 - Scrollbar dips below visible area 1225121 - Vmware VM retirement - undefined method `call_ws' for #<HostVmwareEsx:0xXXXXXXXXXXXXXX> 1225145 - Show container default filters only if they are turned on 1225332 - Connection to OSP SSL doesn't get attempted following Errno::ECONNRESET error on non-SSL connection 1225380 - [ja_JP] Unlocalized strings in the Login page. 1225395 - [ja_JP] Unlocalized primary navigation bar name. 1225401 - [ja_JP] Unlocalized sub-tabs name of Configure -> My Settings. 1225408 - [ja_JP] "ja" should be "Japanese" and localized in Locale drop-down list of Configure->My Settings->Visual->Display Settings. 1225432 - [ja_JP] Unlocalized Logout menu. 1226085 - Pipe character on host edit page 1226366 - MIQ(MiqWidget.get_group) Unable to find group '' in evm.log 1226491 - scroll bar on the Default filters page has extra arrow heads 1227045 - [RFE] Filtering of Service Catalog items during deployment 1227068 - Dialog name is not saved for Catalog Bundle for Services 1227069 - [ja_JP] Unexpected and unlocalized string "translation missing: ja.product.name: xx" in the browser window & tab's name and tooltips. 1227211 - Foreman - unable to add a tag during provisioning 1227426 - widget generation issues with groups that have no userid set 1227645 - SMTP authentication configuration changes from login to plain issues 1227659 - Widgets import doesn't work fine 1227703 - Missing reset button in the dashboard, to reset it to default 1227750 - Inconsistent Hover text for compare and drift mode in default view settings 1227811 - Service request cannot be deleted with nonadmin user, even if the permissions are ok 1227931 - Service Quota service_request_rejected automate method puts truncated data in the miq_request reason attribute. 1227937 - Automate - Fix service dialog_parser issue. 1227945 - Automate - Fix RedHat ServiceQuota issue 1228104 - HTML5 console not working with IE8 and IE9 1228130 - Inconsistent title names for exist mode in default view settings and compare page 1228367 - Archived VM instance still connects to its orchestration stack 1228743 - Need to update the japanese locale file 1228844 - Control Explorer: Error when clicking on Policy in Policies accordion 1229104 - undefined method `description' for #<EmsOpenstack:0x000000109620e8> [ems_cloud/show] while clicking on openstack provider 1229126 - User logs out when clicked on REDHAT CLOUDFORMS MANAGEMENT title header 1229136 - Disable export button when no custom reports are available for export 1229308 - comparison of Array with Array failed [ops/db_list] while sorting VMDB client connections on Waiting resource 1229326 - Broken styles with UI plugin for external links in CFME menu 1229348 - 5.4 beta - The dialog to add a new Button no longer allows the input of Attribute/Value pairs 1229380 - Orchestration stack provisioning timeout should be in minutes 1229420 - CFME 5.4 beta - Cannot add a Control Action that specifies an Action Type of "Invoke a Custom Automation" 1229431 - Services -> Request shows an exception - undefined method `name' for #<ServiceTemplateProvisionRequest 1229462 - Browser page Titles display ManageIQ instead of CFME when login with ja locale 1229620 - Accordions won't be visible to a role, unless the role is allowed full access 1229677 - Dialog cannot be found. Name:[miq_provision_amazon_dialogs_template] Type:[MiqProvisionWorkflow] [catalog/atomic_form_field_changed] on selecting the catalog item type in add catalog item 1230130 - Breadcrumb navigation: "The page you were looking for doesn't exist" while navigating to timelines page 1230262 - Chargeback reports contain records for last day only 1230375 - When importing widgets, unable to commit or cancel the import 1230689 - Disabled dynatree objects on action search result page 1230690 - Provisioning Dialogs accordion needs updates 1230786 - UI : Multiple daily records on C&U charts with time profiles that have C&U data roll up enabled 1230831 - For Triple-O nodes, Credentials Validate does not return result 1231069 - Duplicate data and graphs on Optimize->Utilization pages with time profiles that have C&U data roll up enabled 1231321 - Availability Zone & Security Group Tags not honoured by Group Tag Filter 1231889 - undefined method `[]' for nil:NilClass [miq_policy/alert_field_changed] 1232281 - Error:"You cannot call create unless the parent is saved [host/create]" in add new host 1232283 - undefined method `strip' for nil:NilClass [host/create] while adding new host 1232484 - OpenStack Event Catcher Thread Constantly Failing and Restarting 1232546 - <AEMethod servicetemplateprovisionrequest_denied> NoMethodError: undefined method `log' for main:Object 1232548 - <AEMethod servicetemplateprovisionrequest_denied> [wrong number of arguments (3 for 2)] 1232549 - <AEMethod servicetemplateprovisionrequest_denied> [undefined method `+' for nil:NilClass] lines 24 + 29 1232924 - Both Request Tasks" and "Tasks" have same description 1233188 - "NotImplementedError (verify_credentials_with_ws not implemented in Host)" when validating credentials for newly added host. 1233815 - Extract running process doesn't work without error message 1233944 - Automate Services Provisioning Issue - Conflict between statemachine completion and task rollup completion. 1234465 - Automate exports use Windows line endings 1234497 - Can not assign a host to a hostgroup without locations 1234588 - undefined method error when looking at bottlenecks under optimize using IE browser 1234871 - SCVMM provider refresh fails where VM disks are not present 1234894 - SCVMM provisioning from template fails for templates with spaces in their name 1234904 - SCVMM provisioning from template fails on SCVMM SP1 1234987 - Custom Buttons are not displayed 1234990 - SCVMM provisioning from template fails to extrapolate the destination storage correctly 1235259 - Dynamic drop downs are executing up to 3 times when a service dialog executes 1235384 - [RFE] SCVMM post provisioning ems refresh takes too long 1235541 - OpenStack tenant visibility not limited by tag 1235822 - Cannot run VM because it is in Powering Up status, encountered during phase autostart_destination 1236174 - [RFE] Automate: Run state machine from within another state machine 1236522 - Refresh button makes interface hang 1236599 - For SCVMM hypervisor, verifying host credentials throws EPIPE 1236977 - Configuration button remains disabled when "check all" is selected 1237091 - VMs / Instances search box is not available (visible) when custom logo is in use 1237110 - Cannot change server's zone from 'default' 1238179 - VM Utilization screen generating charts throws internal server error after Rails 4 1238236 - unknown attribute: resource_action Method:[rescue in block in seed] in 5.3.5.2 1238268 - [RFE] Retrieve Reporting reports from RESTapi 1238271 - [RFE] Retrieve ChargeBack reports from RESTapi 1238287 - [RFE] Monthly Billing - Report to provide watermark sockets of hypervisors 1238288 - [RFE] Monthly Billing - Report to provide watermark vms per provider. 1238390 - cloud-init parameters not being passed to rhev 1238391 - Lifecycle/customize root password logged in clear text. 1238423 - migration error "Process ID out of range error" after evmserverd start 1238443 - Migration: Db:migrate failure when going version 5.2.4 -> 5.4 while uninstalling rubyrep 1238485 - undefined method error raised when viewing hosts 1238530 - Unable to add Infrastructure and cloud providers 1238548 - Adding a new class leads to Blank screen 1238555 - Error when clicking on Optimize tab 1238601 - Flash message doesn't go away upon clicking 1238819 - Update UI labels to include words State Machine for service entry points 1239035 - Update using UI fails to auto-start the server back up 1240309 - Javascript error on refresh of dynamic drop down with nil key 1240337 - Smart state analysis fails on EC2 instances with undefined method ` + 'for nil:NilClass " 1240485 - UI: Titles/Breadcrumbs on Provider screens are incorrect 1240742 - Performance issues in provisioning after initial template selection 1241890 - undefined method `description' for nil:NilClass] encountered during phase [create_pxe_configuration_file] when no pxe image is selected while provisioning 1241972 - Clicking on Host/Services returns exception: undefined method `num_cpu' for nil:NilClass 1242152 - upstream : Error on adding infrastructure provider 1242369 - Spinner spins forever while sorting policy actions 1242459 - accessing to vm_infra/explorer raises "Error caught: [ArgumentError] comparison of Array with Array failed" 1243695 - "Time Zone" (under Chargeback Interval section) in chargeback report is not functioning 1243938 - [Scale] - Inventory of 10k vm provider, 90minutes spent between Updating Folders To Vms relationships to Updating Clusters To Resource Pools relationships 1243983 - Full screen report view error's out with IE 1244370 - Upstream build : Unable to add credentials for Vmware provider 1244943 - UI: when trying to access URL directly pointing to an object after login user remains on dashboard show screen. 1245300 - Refresh button makes interface hang on viewing Request 1245450 - undefined method `name' for "CentOS Server":String [provider_foreman/show] on pdf download in foreman configuration profile page 1245511 - [RHOS] When the admin user is a member but not an admin of a flavour, it raises an error during provider refresh. 1245724 - automate drb load limit error "too large packet" 1246140 - Foreman UI - provider filtering is also being applied to configuration profiles within providers 1246536 - Infrastructure Provider summary. IP Address row header should say "Discovered IP Address" 1246538 - [ActionController::RoutingError] No route matches {:controller=>"vm_or_template", :action=>"launch_html5_console", :id=>1000000000151} 1246546 - "Host Name" should change to "Hostname" in Provider and Host editing forms 1246558 - Resource Pools Properties dropdown expanded by default 1246655 - no way to specify embedded proxy affinity for multi-datastore environments 1246693 - Service dialog : Adding a service dialog of "Drop down list " type without adding entries shows error 1246994 - VM provision dialog shows incorrect cpu count for RHEV CFME templates 1247375 - RBAC: Unable to restrict self-service users from seeing Clouds and / Infrastructure / Requests 1247664 - vm.create_snapshot fails for vmware vm Handsoap::Fault 1248039 - Unable to Importing into a new Automate Domain if a custom domain exist 1248181 - Cloud Provisioning dialogs do not apply RBAC filtering to resources displayed in dialog fields 1248329 - upstream:Copying an Analysis Profile shows Add screen, but no buttons are present 1248446 - Schedule editor not initializing Action drop down 1248547 - Add container provider screen - the credentials section has a misplaced "optional" label 1248747 - service :quota : Provisioning quota for CPU , Memory and Storage doesn't work 1248914 - upstream:undefined method `[]' for nil:NilClass [vm/right_size] on VM 'Right Size Recommendation' 1248951 - undefined method `include?' for nil:NilClass [catalog/x_button] on service catalog Add new button 1249664 - Dashboard "Top Storage Consumers" clickable but does not react on mouseover 1249670 - "[NameError]: uninitialized constant ManageIQ::Providers::Vmware::InfraManager::RefreshParser::Filter::Parser" found in evm.log file 1249692 - Error message should be shown when OpenStack Cloud added as OpenStack Infra provider 1249726 - Clicking on the Cloud Intelligence/Reports throws error in production.log file 1249730 - Running reports produces different errors each time 1250087 - Provisioning fails due to cluster not being selected on Vmware / RHEV 1250202 - Unable to see heat templates in tenants other than admin 1250229 - UI plugin for external links in CFME menu displays empty frame instead of configured external website 1250438 - UI: Clicking on refresh button in "All saved reports" page says "The user is not authorized for this task or item." 1250444 - Log directory filling up when AWS was having API issues 1250831 - [TypeError]#not a class/module Method:[rescue in deliver] during vmware snapshot creation 1251311 - Dashboard Graph widgets fail to load when revisiting the dashboard 1251345 - [TypeError] no implicit conversion of nil into String on Add/copy Infra/PXE customization templates 1251819 - No flash message displayed for validate for validate Foreman provider 1252672 - undefined method `super_admin_user?' for #<ApplicationHelper::ToolbarChooser:0x0000000d4a4798> [miq_ae_tools/resolve] in Automate->Simulation 1252678 - ActionController::RoutingError in database tab pages 1252849 - Heat stack deployment gets stuck when stack parameter is not found 1252976 - Service Dialog Import / Export isn't importing All of the Service Dialogs 1253126 - ERROR -- : PG::AmbiguousColumn: ERROR: column reference "ems_id" is ambiguous LINE 1: ..."event_streams".. in provider timelines 1253134 - (LoadError) cannot load such file -- workers/event_catcher_openstack on adding openstack provider 1253339 - Host Timeline results in infinite refresh with error in host and vm 1253442 - WebUI: Replace <_Unassigned> with <Unassigned> in Catalog drop down 1253460 - WebUI: Center toolbar disappears after clicking on search button 1253463 - Sorting container entities list by provider column crashes the UI 1253468 - UI: Error when trying to access Cluster summary screen 1253479 - WebUI: Credential fields missing while adding new foreman provider 1254055 - Unable to add new fields in Automate Class Schema 1254058 - Automate Class Schema can't change sequence of fields 1254211 - when quota exceeds Group Allocated Memory always shows "0.00GB" in last message of request details page 1254302 - linux_admin dependency is too wide open causing failure in internal database configuration 1254359 - VM fails to launch on Amazon with NameError log_header 1254564 - SmartState times out if snapshot creation takes too long 1254882 - Provisioning quota for CPU/Mem/Storage doesn't work for cloud providers 1255048 - Reconfigure service button gives 404 1255190 - Vm Clone : Need ISO image selection validation when provision_type ISO is selected in cloning 1255485 - Web UI: "¶" string needs to be handled properly in Automate Instance 1256404 - Amazon provider fails with: [NoMethodError]: undefined method `keys' for nil:NilClass 1256437 - Protected text fields are not being added to options_hash 1256534 - Unexpected Error Encountered Refreshing Running Tasks 1256674 - The cursor inside the VM and outside the VM are not moving together for Win 7 or Win 2008. 1257748 - [RFE] Add the ability to change the password for a user through API, especially for 'admin' user 1258072 - UI: Bottleneck events for providers not seen under Optimize ->Bottlenecks 1258648 - State=<GetDiskInfoWindows> running raised exception: <execution expired> 1258927 - UI: Reports explorer rebuilds trees on every transaction after Queue Report button is pressed once in UI. 1258985 - when a smartstate worker times out and is killed, any child processes (eg,vixdisklibserver.rb processes) are not killed with their parents leaving them running with PID 1 as the adopted parent process 1259082 - UI: Replace 'choose a clusters' with 'choose a cluster' on Optimize->Planning page 1260139 - IP Address of VMware host not found 1260196 - [RFE] Cloud Inventory collection should gather and store disk info for flavors 1260436 - Unable to deploy heat stack from bundle catalog item 1260640 - vnc connections to a windows 8.1/2012R2 experience mouse tracking issues 1262002 - Openstack Infrastructure provider shows <Unknown> Credentials in the Status box when AMQP credentials are provided 1262461 - Orchestration stack summary page show 0 number of instances, security groups, and networks 1262841 - Datastore File Browsing: Columns sorting does not work, per page change does not work 1262973 - Order service form shows <Script error> in the Tenant dropdown 1262984 - [RFE] Remove old CA file 1263073 - undefined method `strip' for nil:NilClass [ops/ap_edit] while creating vm analysis profile by selecting a category 1263326 - Clicking on "Migrate selected items" under lifecycle dropdown routes to wrong config screen 1263494 - Control Action UI: Missing ability to set request message for "Invoke a Custom Action" 1263592 - Quota calculation does not count all VMs/Instances for All providers own by Group 1263744 - Cloud Tenants Description field length limit causes inventory collection to fail when OpenStack Tenant description is over 255 characters 1263845 - UI: When migrate button is pressed from a sub list of VMs, it redirects to incorrect screen. 1264165 - 'Couldn't find SystemService...' error on clicking host services 1264183 - undefined method `id' for 1:Fixnum [ems_infra/show] while viewing timelines for a provider 1264188 - [Scale] - VIMBroker spends ~28s hot on a vcpu while outputting status to vim.log every 15minutes on large scale vmware provider 1264218 - Invalid Timezone: xyz ( [vm_infra/perf_chart_chooser] error when any non-default time profile is selected for C&U charts 1264225 - /bin/prince exit code: 127 error while downloading PDF reports 1264312 - Deprecation warning when initializing database 1264313 - Errors in evm.log during database configuration 1264327 - All RHEL-OSP SSA throws errors 1264497 - setting provider name and then type when adding new provider, clears name 1264511 - add provider type dropdown options too small, need to scroll which is silly 1264513 - Broken UI layout in Simulation 1264564 - Broken icons when viewing Tasks 1264569 - Log_level Deprecation warning in log 1264815 - No route matches {:action=>"show_list", :controller=>"foreman_provider", :id=>nil} [miq_request/prov_edit] on cancel configured sytem provisioning 1264982 - Add support for OSP-d infra provider scale out using Heat patch method 1265059 - add vim package to appliance 1265155 - OpenstackInfra specific charts no longer work 1265188 - WEB-UI: RBAC - While adding a new group, the "Role" and "Project/Tenant" drop down's default value displays as "Choose" 1265203 - WEB-UI: Tenants - Maintain Uniformity for Error messages in Tenant pages 1265221 - Web-UI: Tenants - Unable to edit the Name field 1265274 - VMware Host credential validation does not provide feedback 1265289 - CloudForms does not delete RabbitMQ Queues on disconnect 1265393 - UI - Configure / Configuration error while adding a new company tag category 1265400 - UI: Reports Explorer - Form buttons missing on Schedule editor 1265404 - "The page you were looking for doesn't exist" displayed while navigating to cloud provider timeline pages 1265456 - unexpected error clicking on infra provider summary cluster/VM relationships 1265462 - routing errors under cloud objects 1265463 - log rotate not working on the appliance 1265466 - rhev clone template provisioning fails 1265590 - Openstack infra provider refresh depends on the associated cloud provider status 1265750 - Unable to add New Cloud Provider 1266252 - Save button disabled on 'Set ownership for Virtual machine' page 1266270 - ERROR -- : [NoMethodError]: undefined method `self_service_user?' for nil:NilClass Method:[rescue in generate_one_content_for_group] 1266467 - error raised durring the discovery of a vmware host 1266547 - Cannot add e-mails manually in e-mail editing form 1266561 - Cloudforms can confuse two hosts as being a single one 1266951 - RH Updates: Default update channels and repos must be updated 1267045 - Cannot edit a Foreman Provider in Grid/Tile view 1267148 - Unable to save configuration settings for start page,default items per page and display settings 1267390 - VM name missing in chargeback reports 1267565 - smart state analysis for vmware vm fails with "Unable to mount filesystem. Reason:[FFI::VixDiskLib::ApiWrapper#open (errcode=15 - VIX_E_FILE_ALREADY_LOCKED): The file is already in use " 1267642 - undefined method `make_request' when provisioning SCVMM VM 1267651 - Containers: Inventory collection fails - undefined method `collect' for nil:NilClass 1267697 - Much higher memory usage in 5.5 1267698 - Internal DB Password Configuration breaks when password contains non-alphanum characters 1267700 - undefined method `gsub' for 1000000000001:Fixnum [ems_infra/show] when clicking on Templates from provider summary screen 1267749 - Unsupported options [:select] [miq_capacity/optimize_tree_select] while viewing cluster,datastore,provider utilization 1267767 - ActionController::RoutingError (No route matches [GET] "/images/icons/72/currentstate-terminated.png") 1267768 - ActionController::RoutingError (No route matches [GET] "/images/icons/new/vmdb_table_evm.png") 1267769 - ActionController::RoutingError (No route matches [GET] "/images/icons/new/vmdb_database_setting.png") 1267815 - Remove text "miq" from "miq templates" in host summary page 1267888 - spa_ui: hardcoded API endpoint makes it not work on an appliance. 1267914 - Hovering on element "Type" while creating a service dialog displays tags "<Choose>" 1267999 - Broken layout for RH Update 1268055 - UI: Catalogs Explorer - Unable to create a Catalog Bundle 1268072 - Setting When to Provision to Schedule fails to load schedule fields and returns to Immediately on Approval 1268149 - ActionController::RoutingError (No route matches [GET] "/images/icons/new/vmdb_database_connection.png") 1268230 - RH Update - the edit form doesn't change dynamically 1268448 - 5.5.0.3 appliance - RHEV Guest Operating System set to Other OS rather than Red Hat Enterprise Linux 7.x x64 1268826 - Timelines page missing for cloud providers 1268975 - Check for missing hostname when doing Smartstate analysis and log warn 1269054 - Openstack Infra refresh should not depend on openstack cloud provider status 1269115 - Flash message is displayed twice in reporting schedule page 1269116 - Database indexes and tables pages display only one row per page 1269680 - Chargeback Interval for weeks is not honored 1269790 - appliance_console broken 1269999 - Request: "'nil' is not an ActiveModel-compatible object" error when on approve request screen 1270009 - Services: UI error deleting Services 1270339 - Submitting a half finished provisioning request actually creates a request 1270381 - Report charts fail to render 1270383 - [SSUI] - Login page already has credentials 1270384 - [SSUI] - Logout button does nothing 1270400 - Replace 'Vms' with 'VMs' on Host summary page 1270596 - Error in appliance console 1270700 - Some form buttons are missing alt parameter. 1270782 - PG::ObjectInUse: ERROR: database "vmdb_production" is being accessed by other users when resetting database region 1270970 - Form validation incomplete 1271077 - Changing the default filter settings and navigating to that page displays blank screen. 1271202 - Cannot create nested automate namespace or a class in namespace 1271288 - The "Edit Registration" button disappeared 1271332 - [RHEL-OSP] During SmartState Analysis of an Image: "Unknown QCOW version: 3" 1271355 - No root fileystem found when running SSA on instances in OSP with Ceph 1271359 - [RHEL-OSP] SmartState Analysis of Archived Instances fail 1271475 - [zh_CN] zh_CN not added to Locale UI. 1271514 - Couldn't find OrchestrationStackParameter with 'id'=0 [WHERE "orchestration_stack_parameters"."stack_id" = ?] [orchestration_stack/parameters] 1271563 - Cannot create an Amazon Service Catalog item as a tenant admin 1271668 - top_output log missing datetime stamp 1271722 - [AbstractController::DoubleRenderError] when clicked on add button while creating heat orchestration template 1271723 - 'Orchestration Template creation': Validation failed: Md5 of content already exists" always displayed while creating heat orchestration template 1271740 - Unable to select check all,checkbox hidden behind the width change button 1271748 - Copy orchestration template page misrendered 1272224 - Discovery of vCenter 5.5 fails for some configurations 1272258 - UI: Missing partial error when trying to view a Request 1272260 - Load error(parseerror) on clicking tables on Database accordion 1272337 - ERROR -- : RedhatAccessCfme::PortalClient: Caught HTTP error when proxying call to tapi: 401 Unauthorized: {"message":"Unauthorized: null user"} on clicking Access Insights 1272351 - undefined method `se_linux_user' for nil:NilClass [container/x_show] when clicked on containers 1272454 - WebUI: HTML5 Console: Unable to connect html5 console for rhevm vm's with SPICE display 1272552 - Redundant 'Avg' in Memory column in Top Memory Consumers widget 1272604 - evmserverd service is enabled on first boot 1272616 - Unexpected error while accessing accordions on Cloud Intelligence->Reports as tenant admin 1272618 - Missing links to product documentation on Support Page 1272990 - RBAC:unable to login when the user have access to only container feature 1273032 - Unhandled Exception when saving adv search filters 1273033 - RBAC: Error[ActionView::MissingTemplate] Missing template dashboard/maintab when clicked on configure for user having access to tenant feature 1273096 - Openstack Cloud provider shows <Unknown> Credentials in the Status box when AMQP credentials are provided 1273120 - Error when copying a method from builtin Domain to a custom one 1273128 - Kubernetes: 'missing partial' error on selecting a node in container images 1273182 - Clicking on provider link in cloud event bubble doesn't take you to cloud provider summary page 1273275 - Report generation returned: Status [Error] Message [undefined method `to_hash' for #<String:0x00000012e911e8>] on download reports 1273352 - Text wrapping creates an extra line when clicked on accordions links 1273436 - The page you were looking for doesn't exist displayed on clicking cloud/Infrastructure Provider link in relationship accordion 1273517 - UI: Reports Menu Editor - Does not display flash message to indicate that folder name already in use 1273529 - Error generating some reports 1273654 - Remove leading space from Enterpise option in Assign to dropdown on Chargeback Assignment page 1273919 - When tenant user is provisioning new VM, tenant quota limits are being ignored 1274270 - Time zone shown wrong when editing schedule 1274314 - Date input field in retirement editor behaves inconsistently 1274332 - Retirement Warning dropdown menu in retirement editor is not updated correctly 1274589 - ActionController::RoutingError (No route matches [GET] "/assets/dhtmlx_gpl_36/imgs/dhxlayout_dhx_miq/dhxlayout_bg.png") in production.log 1274665 - On Failure dropdown list is displayed twice if "Do nothing" option is selected during heat stack deployment 1274673 - "Eror during 'Provisioning': undefined method `match' for 2:Fixnum" during heat stack deployment 1274842 - Containers: Unable to edit port of a containers provider 1275363 - Retirement Date not shown on Orchestration Stack summary page 1275364 - ActiveRecord::AssociationNotFoundError in evm.log 1275367 - RoutingError (No route matches [GET] "/assets/dhtmlx_gpl_36/imgs/dhxlayout_dhx_miq/dhxlayout_bg.png") 1275380 - Error while viewing Cloud tenant summary 1275392 - [SSUI] - Page title says ManageIQ, shuld be Red Hat 1275404 - Icon images broken for timeline events 1275405 - Script error appears on the tenant selection dropdown box when order an orchestration provisioning 1275514 - Tenant column in the template selection list of catalog item should be displayed for only cloud provider templates 1275582 - Unhandled Exception when entering invalid URI 1275589 - Routing Error when clicking on Clouds menu link 1275666 - Log file shows: Undefined method `Rpm' for LinuxAdmin:Module 1275676 - Log file show: Cannot load `Rails.application.database_configuration` 1275679 - [SSUI] - Refreshing login page gives 404 1275685 - Disabled datastores show in a different font 1275707 - No feedback for loading when selecting catalog type 1275768 - undefined method `scan' for true:TrueClass [host/host_services] while clicking any of the host running servicesl 1275982 - No route matches when clicked on manage policies for stack instance 1276009 - undefined method `[]=' for nil:NilClass [miq_request/prov_field_changed] 1276098 - Flash messages missing while Deleting and Cancelling a Schedule 1276101 - Delete schedule message is displayed in black color instead of green 1276107 - Consistency need to be maintained for the delete option in schedules list page and schedule details page 1276118 - CFME should not use OpenStack adminURL endpoints for any services 1276129 - undefined method `x_get_child_nodes' for TreeBuilder:Class [report/x_show] 1276135 - undefined method `+' for nil:NilClass [ops/rbac_group_edit] 1276139 - Load error(parseerror) while clicking folders under Reports accordion as tenant admin 1276275 - Queuing a report makes it queue twice 1276301 - warning.png is missing in the images folder 1276375 - Replication worker validation passes, worker fails w/ "Replication configuration is invalid." if port not set 1276377 - Icons needed for new host events 1276405 - UI should not allow duplicate providers to be added 1276453 - Azure orchestration provisioning failed due to missing Azure Vm automate model 1276459 - SSA fails because MiqNfsSession creates temporary mount point. 1276469 - Azure orchestration stack provisioned through service does not have template association 1276496 - Timeline event text shows time stamp instead of event name 1276552 - Error:Action not implemented [orchestration_stack/button] in stacks instances comparison 1276692 - Watermark reports configured to go back only 2 days 1276706 - Issue getting an IP address on the cfme-5.5 appliance 1276859 - unexpected error creating cloud catalog items 1277016 - Error during 'check_compliance_queue': Unknown task, check_compliance_queue when clicked on check compliance of last known configuration for stack instance 1277077 - HTML character codes present in tool tip of "Edit My Company Tags for selected tenant" 1277106 - Check all functionality does not work in Automate->Provisioning dialogs Page 1277220 - "ERROR -- Event not found in MiqAeDatastore", update messaging 1277258 - The Provision VM hour and minute popups have poor or no formatting being applied. 1277276 - Search box not available on VM/Instance list page 1277302 - Unable to perform Datastore SmartState Analysis : undefined method `ext_management_system' for storage 1277367 - Couldn't find ManageIQ::Providers::InfraManager without an ID [ems_infra/tagging_edit] when clicked on edit tags from scale infrastructure provider page 1277620 - Confirmation Message appears multiple times when Power Cycling a VM Instance 1277641 - routing errors under provider relationships 1277707 - Binaries for customer installed gems will not be found 1277960 - Only the last added Openstack Infra provider shows up in the list when adding an Openstack Cloud provider 1277971 - Running SmartState analysis on Openstack Infrastructure nodes can take a long time 1277993 - Node users list pagination doesn't work 1277995 - NoMethodError during inventory of Satellite 6 without any hostgroups 1278036 - Openstack Cloud provider is missing the API version select box 1278041 - Containers: REST API cannot accept token for creating the Openshift provider 1278076 - Log rotate generates SELinux permission errors 1278161 - Rhev vm scan error [bad component(expected port component): "443"] 1278202 - Permission denied errors when logging in with non-root users 1278331 - UI: pdf/csv/text download button is missing text 1278368 - OpenStack Platform Director nodes should not show any power actions in the nested list ( when you click e.g. on nodes in provider or cluster) 1278427 - Timelines power activity event is missing icon 1278432 - Web-UI: HTML5-Console: Ports 5900:5999 not enabled in firewall 1278456 - WebUI:VMRC: Windows: Firefox and IE throws "TypeError: $.browser is undefined" error 1278459 - WebUI:VMRC:Linux:Firefox - "SyntaxError: expected expression, got '&'" when accessing the vmrc console 1278463 - UI should not allow scans to be issued if the datastore is not vmware based 1278469 - UI exception when sorting Host's users 1278470 - No Heat related events show up in the Timelines for the Openstack Platform Director prov 1278568 - Increase default memory to 8GB on appliances 1278741 - Dashboards are not displayed if a user only has "view" permission on dashboards 1278883 - Nodes utilization charts do not show up 1278904 - credential RHEV hosts fail 1279390 - <AutomationEngine> Class [System/Event/EmsEvent/OPENSTACK] not found in MiqAeDatastore 1279435 - undefined method `block_storage_disk_usage' for nil:NilClass [ems_cluster/show] 1279449 - Nodes devices show huge icons 1279551 - UI: SSUI login screen & header are not completely productized 1279601 - dozens of "[RuntimeError]: Expected scheduled time 'at' to be 'numeric', received 'Time' Method:[rescue in deliver]" associated with specific default reports 1279603 - multiple ERRORS of the form "MIQ(MiqQueue#deliver) Message id: [...], Error: [PG::UndefinedTable: ERROR: missing FROM-clause entry for table "hosts"' for reports 1279999 - Self Serice UI login screen has unimplemented features 1280044 - File image upload for services catalog fails with 500 1280278 - the list of all groups a user is part of does not allow to see them all on one screen if there are enough groups 1280323 - Containers: Container Image scan doesn't work 1280350 - NameError uninitialized constant MiqAeMethodService::MiqAeServiceEmsOpenstack 1280354 - Containers: "nil" string is displayed in component status error column 1281295 - Containers: missing CFME productization for Kubernetes and Atomic providers 1281345 - Changing view for instances list in a Relationship list doesn't work 1281445 - Containers UI: Overview (dashboard) and topology screens are empty 1281462 - Search button misrendered in filter page 1281477 - Saved filters are broken under Infra/Vm and Infra/Templates 1281548 - [SSUI] Focus on user field on login screen and identify user in banner 1281561 - UI: Count of services in Classic vs. SSUI do not match 1281585 - Unable to list cloud networks in automate 1281746 - InfraManager::EventCatcher worker keeps getting restarted 1281860 - Automate UI Error: NoMethodError in MiqAeTools#resolve 1281872 - Wrong button location on different pages 1281883 - RHSCL 201.pem certificate missing from /etc/pki/product 1281887 - SSA of templates blocked. 1281968 - Secondary C&U charts only show stopped Hosts and VMs, should show running as well 1282317 - The page you were looking for doesn't exist displayed on clicking cloud/Infrastructure Provider link in relationship accordion of all the cloud objects 1282433 - Web-UI: Containers: Clicking on "Project / Pod" throws "ERROR: column container_groups.project does not exist LINE 1: ...stems"."id" = "container_groups"."ems_id" WHERE ((container_... ^ [container_group/show_list]" error 1282436 - Error:undefined method `[]' for nil:NilClass [miq_task/button] when clicked on cancel job button in All VM Analysis & All other Task Page 1282576 - Red Hat Insights when Appliance is registered to Satellite 5/6 1282716 - ActionController::RoutingError when sorting infrastructure and cloud objects when navigated through provider summary page 1282756 - Remove Web-based VNC console option from archived nodes 1282815 - Cannot refresh openshift due to missing permissions for componentstatuses 1282851 - VMware provider refresh fails with 'divided by 0' 1282857 - UI: Values in type dropdown on Cloud discovery screen should be titelized or have nice display name 1282907 - Automate | System/About class schema version attribute needs to be updated. 1282927 - Default entry in /etc/hostname is 'localhost.localdomain.localdomain' opposed to 'localhost.localdomain' 1282965 - UI: Spinner doesn't stop when submitting options on Service/Requests screen' 1282972 - UI: Count of Catalog Items under Service Catalogs in Classic vs. SSUI do not match 1283019 - CVE-2015-7502 CloudForms: insecure password storage in PostgreSQL database 1283195 - Host entries are no longer adopted after deletion and re-add 1283282 - Screen contents gets cutoff when toolbar wraps 1283402 - Heat templates provisioning only to admin tenant 1283564 - Containers UI: Overview (dashboard) Does not show number of Providers 1283603 - Cannot access items in automation tree for service catalog entry point 1283642 - Saved filters aren't display under Infra/Templates/Global Filters and My Filters 1283680 - Events timeline isn't displayed for containers 1283683 - Utilization button not working for containers 1283745 - UI ERROR When bulk deleting copied methods. 1283747 - UI: Form buttons and paging controls are missing in Reports explorer 1283790 - When adding a new Group, clicking on Look Up LDAP Groups no longer works 1283795 - Automate | Fix issue where the old Infrastructure quota instance points to new quota. 1284039 - [SSUI] Sample text on login screen needs to be removed or replaced with CFME pertinent text 1284049 - undefined method `flavors' for #<ManageIQ::Providers::..> when clicked on template name while creating OpenStack catalog item 1284122 - UI: Need to remove iStock images from SSUI 1284256 - container provider's timeline balloons have labels relevant to vms and are missing container ones 1284662 - access insights tab missing 1284938 - Containers SmartState Analysis should use the management-infra namespace 1285341 - After a certain amount of time the EventCatcher worker (thread) is stopped and deleted 1286421 - Containers: Metrics/utilization is broken for Pods 1286666 - Missing port selection in cloud infrastructure providers 1288193 - Red Hat Insights Report Detail always shows "No Actions" 6. Package List: CloudForms Management Engine 5.5: Source: cfme-5.5.0.13-2.el7cf.src.rpm cfme-appliance-5.5.0.13-1.el7cf.src.rpm cfme-gemset-5.5.0.13-1.el7cf.src.rpm prince-9.0r2-10.el7cf.src.rpm rh-ruby22-rubygem-bcrypt-3.1.10-3.el7cf.src.rpm rh-ruby22-rubygem-escape_utils-1.1.0-2.el7cf.src.rpm rh-ruby22-rubygem-eventmachine-1.0.7-6.el7cf.src.rpm rh-ruby22-rubygem-ffi-1.9.8-4.el7cf.src.rpm rh-ruby22-rubygem-json-1.8.2-9.el7cf.src.rpm rh-ruby22-rubygem-linux_block_device-0.1.0-2.el7cf.src.rpm rh-ruby22-rubygem-memory_buffer-0.1.0-2.el7cf.src.rpm rh-ruby22-rubygem-net_app_manageability-0.1.0-3.el7cf.src.rpm rh-ruby22-rubygem-nokogiri-1.6.6.2-3.el7cf.src.rpm rh-ruby22-rubygem-pg-0.18.2-2.el7cf.src.rpm rh-ruby22-rubygem-psych-2.0.13-4.el7cf.src.rpm rh-ruby22-rubygem-puma-2.13.4-2.el7cf.src.rpm rh-ruby22-rubygem-redhat_access_cfme-0.0.7-1.el7cf.src.rpm rh-ruby22-rubygem-redhat_access_lib-0.0.6-1.el7cf.src.rpm rh-ruby22-rubygem-thin-1.6.3-2.el7cf.src.rpm rh-ruby22-rubygem-unf_ext-0.0.7.1-3.el7cf.src.rpm wmi-1.3.14-6.el7cf.src.rpm noarch: rh-ruby22-rubygem-redhat_access_cfme-0.0.7-1.el7cf.noarch.rpm rh-ruby22-rubygem-redhat_access_lib-0.0.6-1.el7cf.noarch.rpm rh-ruby22-rubygem-unf_ext-doc-0.0.7.1-3.el7cf.noarch.rpm x86_64: cfme-5.5.0.13-2.el7cf.x86_64.rpm cfme-appliance-5.5.0.13-1.el7cf.x86_64.rpm cfme-appliance-debuginfo-5.5.0.13-1.el7cf.x86_64.rpm cfme-debuginfo-5.5.0.13-2.el7cf.x86_64.rpm cfme-gemset-5.5.0.13-1.el7cf.x86_64.rpm prince-9.0r2-10.el7cf.x86_64.rpm rh-ruby22-rubygem-bcrypt-3.1.10-3.el7cf.x86_64.rpm rh-ruby22-rubygem-bcrypt-debuginfo-3.1.10-3.el7cf.x86_64.rpm rh-ruby22-rubygem-escape_utils-1.1.0-2.el7cf.x86_64.rpm rh-ruby22-rubygem-escape_utils-debuginfo-1.1.0-2.el7cf.x86_64.rpm rh-ruby22-rubygem-eventmachine-1.0.7-6.el7cf.x86_64.rpm rh-ruby22-rubygem-eventmachine-debuginfo-1.0.7-6.el7cf.x86_64.rpm rh-ruby22-rubygem-ffi-1.9.8-4.el7cf.x86_64.rpm rh-ruby22-rubygem-ffi-debuginfo-1.9.8-4.el7cf.x86_64.rpm rh-ruby22-rubygem-json-1.8.2-9.el7cf.x86_64.rpm rh-ruby22-rubygem-json-debuginfo-1.8.2-9.el7cf.x86_64.rpm rh-ruby22-rubygem-linux_block_device-0.1.0-2.el7cf.x86_64.rpm rh-ruby22-rubygem-linux_block_device-debuginfo-0.1.0-2.el7cf.x86_64.rpm rh-ruby22-rubygem-memory_buffer-0.1.0-2.el7cf.x86_64.rpm rh-ruby22-rubygem-memory_buffer-debuginfo-0.1.0-2.el7cf.x86_64.rpm rh-ruby22-rubygem-net_app_manageability-0.1.0-3.el7cf.x86_64.rpm rh-ruby22-rubygem-net_app_manageability-debuginfo-0.1.0-3.el7cf.x86_64.rpm rh-ruby22-rubygem-nokogiri-1.6.6.2-3.el7cf.x86_64.rpm rh-ruby22-rubygem-nokogiri-debuginfo-1.6.6.2-3.el7cf.x86_64.rpm rh-ruby22-rubygem-pg-0.18.2-2.el7cf.x86_64.rpm rh-ruby22-rubygem-pg-debuginfo-0.18.2-2.el7cf.x86_64.rpm rh-ruby22-rubygem-psych-2.0.13-4.el7cf.x86_64.rpm rh-ruby22-rubygem-psych-debuginfo-2.0.13-4.el7cf.x86_64.rpm rh-ruby22-rubygem-puma-2.13.4-2.el7cf.x86_64.rpm rh-ruby22-rubygem-puma-debuginfo-2.13.4-2.el7cf.x86_64.rpm rh-ruby22-rubygem-thin-1.6.3-2.el7cf.x86_64.rpm rh-ruby22-rubygem-thin-debuginfo-1.6.3-2.el7cf.x86_64.rpm rh-ruby22-rubygem-unf_ext-0.0.7.1-3.el7cf.x86_64.rpm rh-ruby22-rubygem-unf_ext-debuginfo-0.0.7.1-3.el7cf.x86_64.rpm wmi-1.3.14-6.el7cf.x86_64.rpm wmi-debuginfo-1.3.14-6.el7cf.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7502 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en/red-hat-cloudforms/version-4.0/release-notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWZvykXlSAg2UNWIIRAoiBAJ9YaDFpqtBNTtEtPtLLpegPSpbaFgCgktie fc6zIFyla8GtuVFnSOR6S/Y= =86xl - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVmjLpX6ZAP0PgtI9AQIbzhAAsw22AV/q/8Bzk9ySuPq/XHok+DxVE7VU fBc7vY86MaWaFroekU3jSt60geXqa8tFHJmXQ06EYmw52eKDbacHVa1x0a7ktx0g 9OE7bMJL+I0vUrlgx97QHwiZH5AcsZODk79RZSenrLD7r42T9GquWe8bLW9qU17W l27ndvS7xnWUbbQ2BD9xXKT+tioBSl+14GE75hzdrUlUvzh+vp6klrH9vgMRSUFU 5PUT+FOVv7e+kPgc+hTOVtWQOGfSl3X699T1JVQWRod8wqqDoYZtixuxsKeY6dM8 c128vzqSN25eGvEGTXVWBYZ8OOJB/4SMMzhl2xqdT658dK4egV+1t4HFlREjV0xk UZNNu3TpgPcIE1b/RVpAUr8u+nqawPYdO1ta9tKOeflw7CpiY0nyY1tuuL2Ycr2G 0eKoUo3c08PdyYawUw+CvQBHh3iKpwOpEdw4C81CwF0ERJKt3oia4kcHXgzYH44Z Xo9BiKbyA9fmLB3T5bC4GMVMWnpczF58rLQhteq77CeqorfhjVvRyj+BQEsLRCU+ G8YbeF4XOOqt0eGmSyI+yuJNnR+vD/N6hxGjVRdtyTBaSrgCXoFcDsFRnlSFJGBH NM8O9QBKJ0PojvT3u9oNPNKkEqBCYFvXvZSkNX2hIfU572kLEyTcypvI+B+R1jeB aJYYWKdjAT4= =C3Xd -----END PGP SIGNATURE-----