             AUSCERT External Security Bulletin Redistribution

           Moderate: CFME 5.5.0 bug fixes and enhancement update
                             10 December 2015


        AusCERT Security Bulletin Summary

Product:           CFME
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7502  

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

                   Red Hat Security Advisory

Synopsis:          Moderate: CFME 5.5.0 bug fixes and enhancement update
Advisory ID:       RHSA-2015:2551-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:2551
Issue date:        2015-12-08
CVE Names:         CVE-2015-7502 

1. Summary:

Updated cfme packages that fix a security issue, several bugs, 
and add various enhancements are now available for Red Hat 
CloudForms 4.0.

Red Hat Product Security has rated this update as having Moderate 
Security impact. Common Vulnerability Scoring System (CVSS) base 
scores, which give detailed severity ratings, are available for each 
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.5 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, 
and automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, 
a model-view-controller (MVC) framework for web application 
development. Action Pack implements the controller and the view 

A privilege escalation flaw was discovered in CloudForms, where in 
certain situations, CloudForms could read encrypted data from the 
database and then write decrypted data back into the database. If the 
database was then exported or log files generated, a local attacker 
might be able to gain access to sensitive information. (CVE-2015-7502)

This update also fixes several bugs. Documentation for these changes 
is available in the Release Notes linked to in the References section.

All CFME users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:


5. Bugs fixed (https://bugzilla.redhat.com/):

1174458 - Trusted Forest bind_pwd is logged in clear text
1174858 - suspended vms on rhevm show 'unknown'
1176631 - Error:" undefined method `description' for nil:NilClass [chargeback/x_button] " in  chargeback storage rates
1178213 - Pressing Cancel button on Service Dialog Edit screen displays incorrect flash Message
1181413 - Wrong flash message displayed on save retirement date for a service
1182360 - Disable next and last pagination buttons when all the report data is on a single page
1183092 - [RFE] Control-alt-delete.override update did not overwrite, delete, or change files
1187777 - RBAC: Group context switching affecting provisioning best-fit placement, quota and group ownership
1189157 - RHOS Unable to provision an openstack instance in a non-admin tenant with only a shared network
1193652 - Report based on EVM Groups is not displaying correct tags
1194668 - Buttons on "Add New Host" page disappears after changing form back default values
1195401 - Breadcrumb navigation error while navigating users
1197083 - Validate button in credentials displayed twice
1197841 - [RFE] SmartState Analysis should collect installed date for RPMs
1200137 - SCVMM VM power function failing with error
1202571 - Incorrect flash message after schedule edit is cancelled
1202781 - Change in Server name does not reflect in settings accordion
1202895 - Error with Smart State Analysis on RHEV VM on NFS
1204496 - C&U Performance data ends by 0
1205402 - Paginator has infinite pages
1205498 - Incorrect info bar label on chargeback rates page
1206029 - User role selection is not honored if I uncheck "Everything" in WebUI.
1208373 - 503 error in CFME when connecting RHELOSP with no Swift service
1209740 - Hand pointer on "Number of disks" detail page of a VM.
1210657 - SCVMM - VM CPU Count shows 0 in UI
1211665 - Clicking fleeced "Init processes" on an image summary screen triggers an error.
1211730 - [RFE] Add cloud-init package to the appliance
1212155 - Remove Add,cancel button from control action search result page
1212204 - Automate - Add Services Quota StateMachine to RedHat domain
1212274 - UI : Status of inactive schedule not displayed
1212470 - DateTime control returns the wrong date/time if the chosen date/time is in less than 1h
1212685 - Unhandled Exception Database settings page
1214405 - Foreman UI - configuration manager and configured system search is shared
1215599 - Tool tip of Redo button should be replaced from "Redo the next change" to "Redo the previous change" in the Scope/Condition editor of Control Policy
1215990 - [RFE] Allow the on_entry and on_error methods of a state machine to be able to advance (bump) state to allow processing to continue
1216889 - VM not getting auto power on after provisioning from CFME 3.1 if memory size is more than 4GB
1217002 - "Error during 'Policy Import': undefined method `collect' for "test 'as da ad":String" in control Import/Export
1217097 - VM Retirement Backward Compatibility Information
1217222 - Warn VolMgrPlatformSupportLinux: $miqHostCfg not set
1217226 - SmartState analysis produces xml-related errors in evm.log
1217426 - RBAC: Missing foreman provider tab for operator,desktop,user_self_service and vm_user role
1217545 - Hostname field on new cloud provider page does not trim trailing whitespace
1217641 - database restore fails but doesn't log the error
1217916 - Refresh Power States Fails for OpenStack - No Cinder
1218604 - Foreman provisioning request lands the user on a page with list of requests but no submenu
1219005 - Openstack prov. request - undefined method `fetch_path' for nil:NilClass [miq_request/prov_field_changed]
1219730 - Auto Approve - Max CPU * company tag lists wrong values
1219950 - Dynamic drop down list does not accept first entry
1219998 - Timeout issues with fleecing on OpenStack
1221060 - Satellite 5 organization not displayed in the UI when set
1221386 - dialog values do not override vm_name
1221532 - SCVMM: "[RuntimeError]: Host not specified, unable to migrate VM  Method:[rescue in execute]"  on VM migrate
1221572 - <b> tag displayed when hovered on a datastore in C & U collection setting page
1221754 - Link to orchestration template is missing from orchestration stack summary page
1221760 - [RFE] Configuring CF to be able to search full tree in ldap
1221821 - UI: OPS/Diagnostics Server, Collect Logs edit form does not populate saved log depot settings
1222155 - RHEL OSP provider passes credentials but fails to refresh environment info
1222182 - no implicit conversion of Symbol into Integer [storage/perf_chart_chooser] while grouping datastore C&U charts by tag
1222183 - RoutingError (No route matches [GET] "/images/icons/new/vendor-foreman_provisioning.png" in production.log
1222479 - RBAC: Configuration accordion misrendered for users having access to configuration feature
1222497 - Openstack cloud provider refresh fails if there are no glance images loaded
1222591 - SSH access to appliance hosted on RHEV-m 3.4 fails with default root credentials
1222642 - RHOS: VM Fleecing throws " ERROR -- : Q-task_id([4bef2b1a-fd6e-11e4-9b8c-0050569674e2]) <Fog> excon.error     #<Excon::Errors::NotFound: Expected([200, 203]) <=> Actual(404 Not Found)"
1222667 - Login page Title does not display appropriately
1222674 - RedHat Domain - Service Quota error for heat stacks.
1222920 - Display flash message if "Add a schedule"  in cancelled by the user when creating first schedule
1223016 - [RFE] Provide VHD Image for Microsoft SCVMM support
1223114 - Running Database garbage collection from the UI gives error
1223348 - Unhandled Exception when switching provisioning types
1223368 - Simulation doesn't clear object when reselecting none
1223459 - UI: Configure/My Settings/Default Views is missing a "Configuration Management" item in the Infrastructure section
1223536 - CF ems refresh doesn't find all instances in OSP !>1000
1223567 - Font mixed up on Right size recommendation page for VMs
1223911 - Service : clicking on request with orphaned template shows error
1223976 - Not capturing events properly from RHOS (RabbitMQ)
1224207 - UI: Configure/My Settings/Default Views is missing a "Tenants" item in the clouds section
1224228 - Using OpenStack non-admin user to add an OpenStack provider, doesn't show OpenStack networks
1224425 - Flash message displayed twice after resetting changes while editing compute,storage rates
1224914 - Redhat Satellite Providers configured system shows count as n,but displays n-1.
1224947 - undefined method `paged_view_search' for nil:NilClass [provider_foreman/download_data] in RedHat satellite provider download links
1224959 - Replace term "Foreman" with "Red Hat Satellite" in  Provider refresh flash message
1225026 - Scrollbar dips below visible area
1225121 - Vmware VM retirement - undefined method `call_ws' for #<HostVmwareEsx:0xXXXXXXXXXXXXXX>
1225145 - Show container default filters only if they are turned on
1225332 - Connection to OSP SSL doesn't get attempted following Errno::ECONNRESET error on non-SSL connection
1225380 - [ja_JP] Unlocalized strings in the Login page.
1225395 - [ja_JP] Unlocalized primary navigation bar name.
1225401 - [ja_JP] Unlocalized sub-tabs name of Configure -> My Settings.
1225408 - [ja_JP] "ja" should be "Japanese" and localized in Locale drop-down list of Configure->My Settings->Visual->Display Settings.
1225432 - [ja_JP] Unlocalized Logout menu.
1226085 - Pipe character on host edit page
1226366 - MIQ(MiqWidget.get_group) Unable to find group '' in evm.log
1226491 - scroll bar on the Default filters page has extra arrow heads
1227045 - [RFE] Filtering of Service Catalog items during deployment
1227068 - Dialog name is not saved for Catalog Bundle for Services
1227069 - [ja_JP] Unexpected and unlocalized string "translation missing: ja.product.name: xx" in the browser window & tab's name and tooltips.
1227211 - Foreman - unable to add a tag during provisioning
1227426 - widget generation issues with groups that have no userid set
1227645 - SMTP authentication configuration changes from login to plain issues
1227659 - Widgets import doesn't work fine
1227703 - Missing reset button in the dashboard, to reset it to default
1227750 - Inconsistent Hover text for compare and drift mode in default view settings
1227811 - Service request cannot be deleted with nonadmin user, even if the permissions are ok
1227931 - Service Quota service_request_rejected automate method puts truncated data in the miq_request reason attribute.
1227937 - Automate - Fix service dialog_parser issue.
1227945 - Automate - Fix RedHat ServiceQuota issue
1228104 - HTML5 console not working with IE8 and IE9
1228130 - Inconsistent title names for exist mode in default view settings and compare page
1228367 - Archived VM instance still connects to its orchestration stack
1228743 - Need to update the japanese locale file
1228844 - Control Explorer: Error when clicking on Policy in Policies accordion
1229104 - undefined method `description' for #<EmsOpenstack:0x000000109620e8> [ems_cloud/show] while clicking on openstack provider
1229126 - User logs out when clicked on REDHAT CLOUDFORMS MANAGEMENT title header
1229136 - Disable export button when no custom reports are available for export
1229308 - comparison of Array with Array failed [ops/db_list]  while sorting VMDB client connections on Waiting resource
1229326 - Broken styles with UI plugin for external links in CFME menu
1229348 - 5.4 beta - The dialog to add a new Button no longer allows the input of Attribute/Value pairs
1229380 - Orchestration stack provisioning timeout should be in minutes
1229420 - CFME 5.4 beta - Cannot add a Control Action that specifies an Action Type of "Invoke a Custom Automation"
1229431 - Services -> Request shows an exception - undefined method `name' for #<ServiceTemplateProvisionRequest
1229462 - Browser page Titles display ManageIQ instead of CFME when login with ja locale
1229620 - Accordions won't be visible to a role, unless the role is allowed full access
1229677 - Dialog cannot be found. Name:[miq_provision_amazon_dialogs_template] Type:[MiqProvisionWorkflow] [catalog/atomic_form_field_changed]  on selecting the catalog item type in add catalog item
1230130 - Breadcrumb navigation: "The page you were looking for doesn't exist" while navigating to timelines page
1230262 - Chargeback reports contain records for last day only
1230375 - When importing widgets, unable to commit or cancel the import
1230689 - Disabled dynatree objects on action search result page
1230690 - Provisioning Dialogs accordion needs updates
1230786 - UI : Multiple daily records on C&U charts with time profiles that have C&U data roll up enabled
1230831 - For Triple-O nodes, Credentials Validate does not return result
1231069 - Duplicate data and graphs on Optimize->Utilization pages with time profiles that have C&U data roll up enabled
1231321 - Availability Zone & Security Group Tags not honoured by Group Tag Filter
1231889 - undefined method `[]' for nil:NilClass [miq_policy/alert_field_changed]
1232281 - Error:"You cannot call create unless the parent is saved [host/create]" in add new host
1232283 - undefined method `strip' for nil:NilClass [host/create] while adding new host
1232484 - OpenStack Event Catcher Thread Constantly Failing and Restarting
1232546 - <AEMethod servicetemplateprovisionrequest_denied>   NoMethodError: undefined method `log' for main:Object
1232548 - <AEMethod servicetemplateprovisionrequest_denied> [wrong number of arguments (3 for 2)]
1232549 - <AEMethod servicetemplateprovisionrequest_denied> [undefined method `+' for nil:NilClass] lines 24 + 29
1232924 - Both Request Tasks" and "Tasks" have same description
1233188 - "NotImplementedError (verify_credentials_with_ws not implemented in Host)"  when validating credentials for newly added host.
1233815 - Extract running process doesn't work without error message
1233944 - Automate Services Provisioning Issue - Conflict between statemachine completion and task rollup completion.
1234465 - Automate exports use Windows line endings
1234497 - Can not assign a host to a hostgroup without locations
1234588 - undefined method error when looking at bottlenecks under optimize using IE browser
1234871 - SCVMM provider refresh fails where VM disks are not present
1234894 - SCVMM provisioning from template fails for templates with spaces in their name
1234904 - SCVMM provisioning from template fails on SCVMM SP1
1234987 - Custom Buttons are not displayed
1234990 - SCVMM provisioning from template fails to extrapolate the destination storage correctly
1235259 - Dynamic drop downs are executing up to 3 times when a service dialog executes
1235384 - [RFE] SCVMM post provisioning ems refresh takes too long
1235541 - OpenStack tenant visibility not limited by tag
1235822 - Cannot run VM because it is in Powering Up status, encountered during phase autostart_destination
1236174 - [RFE] Automate: Run state machine from within another state machine
1236522 - Refresh button makes interface hang
1236599 - For SCVMM hypervisor, verifying host credentials throws EPIPE
1236977 - Configuration button remains disabled when "check all" is selected
1237091 - VMs / Instances search box is not available (visible) when custom logo is in use
1237110 - Cannot change server's zone from 'default'
1238179 - VM Utilization screen generating charts throws internal server error after Rails 4
1238236 - unknown attribute: resource_action  Method:[rescue in block in seed] in
1238268 - [RFE] Retrieve Reporting reports from RESTapi
1238271 - [RFE] Retrieve ChargeBack reports from RESTapi
1238287 - [RFE] Monthly Billing - Report to provide watermark sockets of hypervisors
1238288 - [RFE] Monthly Billing - Report to provide watermark vms per provider.
1238390 - cloud-init parameters not being passed to rhev
1238391 - Lifecycle/customize root password logged in clear text.
1238423 - migration error "Process ID out of range error" after evmserverd start
1238443 - Migration: Db:migrate failure when going version 5.2.4 -> 5.4 while uninstalling rubyrep
1238485 - undefined method error raised when viewing hosts
1238530 - Unable to add Infrastructure and cloud providers
1238548 - Adding a new class leads to Blank screen
1238555 - Error when clicking on Optimize tab
1238601 - Flash message doesn't go away upon clicking
1238819 - Update UI labels to include words State Machine for service entry points
1239035 - Update using UI fails to auto-start the server back up
1240309 - Javascript error on refresh of dynamic drop down with nil key
1240337 - Smart state analysis fails on EC2 instances with undefined method ` + 'for nil:NilClass "
1240485 - UI: Titles/Breadcrumbs on Provider screens are incorrect
1240742 - Performance issues in provisioning after initial template selection
1241890 - undefined method `description' for nil:NilClass] encountered during phase [create_pxe_configuration_file] when no pxe image is selected while provisioning
1241972 - Clicking on Host/Services returns exception: undefined method `num_cpu' for nil:NilClass
1242152 - upstream : Error on adding infrastructure  provider
1242369 - Spinner spins forever while sorting policy actions
1242459 - accessing to vm_infra/explorer raises "Error caught: [ArgumentError] comparison of Array with Array failed"
1243695 - "Time Zone" (under Chargeback Interval section) in chargeback report is not functioning
1243938 - [Scale] - Inventory of 10k vm provider, 90minutes spent between Updating Folders To Vms relationships to Updating Clusters To Resource Pools relationships
1243983 - Full screen report view error's out with IE
1244370 - Upstream build : Unable to add credentials for Vmware provider
1244943 - UI: when trying to access URL directly pointing to an object after login user remains on dashboard show screen.
1245300 - Refresh button makes interface hang on viewing Request
1245450 - undefined method `name' for "CentOS Server":String [provider_foreman/show] on pdf download in foreman configuration profile page
1245511 - [RHOS] When the admin user is a member but not an admin of a flavour, it raises an error during provider refresh.
1245724 - automate drb load limit error "too large packet"
1246140 - Foreman UI - provider filtering is also being applied to configuration profiles within providers
1246536 - Infrastructure Provider summary. IP Address row header should say "Discovered IP Address"
1246538 - [ActionController::RoutingError] No route matches {:controller=>"vm_or_template", :action=>"launch_html5_console", :id=>1000000000151}
1246546 - "Host Name" should change to "Hostname" in Provider and Host editing forms
1246558 - Resource Pools Properties dropdown expanded by default
1246655 - no way to specify embedded proxy affinity for multi-datastore environments
1246693 - Service dialog : Adding a service dialog of "Drop down list " type without adding entries shows error
1246994 - VM provision dialog shows incorrect cpu count for RHEV CFME templates
1247375 - RBAC: Unable to restrict self-service users from seeing Clouds and / Infrastructure / Requests
1247664 - vm.create_snapshot fails for vmware vm Handsoap::Fault
1248039 - Unable to Importing into a new Automate Domain if a custom domain exist
1248181 - Cloud Provisioning dialogs do not apply RBAC filtering to resources displayed in dialog fields
1248329 - upstream:Copying an Analysis Profile shows Add screen, but no buttons are present
1248446 - Schedule editor not initializing Action drop down
1248547 - Add container provider screen - the credentials section has a misplaced "optional" label
1248747 - service :quota : Provisioning quota for CPU , Memory and Storage doesn't work
1248914 - upstream:undefined method `[]' for nil:NilClass [vm/right_size]  on VM 'Right Size Recommendation'
1248951 - undefined method `include?' for nil:NilClass [catalog/x_button]  on service catalog Add new button
1249664 - Dashboard "Top Storage Consumers" clickable but does not react on mouseover
1249670 - "[NameError]: uninitialized constant ManageIQ::Providers::Vmware::InfraManager::RefreshParser::Filter::Parser" found in evm.log file
1249692 - Error message should be shown when OpenStack Cloud added as OpenStack Infra provider
1249726 - Clicking on the Cloud Intelligence/Reports throws error in production.log file
1249730 - Running reports produces different errors each time
1250087 - Provisioning fails due to cluster not being selected on Vmware / RHEV
1250202 - Unable to see heat templates in tenants other than admin
1250229 - UI plugin for external links in CFME menu displays empty frame instead of configured external website
1250438 - UI: Clicking on refresh button in "All saved reports" page says "The user is not authorized for this task or item."
1250444 - Log directory filling up when AWS was having API issues
1250831 - [TypeError]#not a class/module  Method:[rescue in deliver]  during vmware snapshot creation
1251311 - Dashboard Graph widgets fail to load when revisiting the dashboard
1251345 - [TypeError] no implicit conversion of nil into String on Add/copy Infra/PXE customization templates
1251819 - No flash message displayed for validate for validate Foreman provider
1252672 - undefined method `super_admin_user?' for #<ApplicationHelper::ToolbarChooser:0x0000000d4a4798> [miq_ae_tools/resolve]  in Automate->Simulation
1252678 - ActionController::RoutingError  in database tab pages
1252849 - Heat stack deployment gets stuck when stack parameter is not found
1252976 - Service Dialog Import / Export isn't importing All of the Service Dialogs
1253126 - ERROR -- : PG::AmbiguousColumn: ERROR:  column reference "ems_id" is ambiguous LINE 1: ..."event_streams".. in provider timelines
1253134 - (LoadError) cannot load such file -- workers/event_catcher_openstack  on adding openstack provider
1253339 - Host Timeline results in infinite refresh with error in host and vm
1253442 - WebUI: Replace  <_Unassigned> with  <Unassigned> in Catalog drop down
1253460 - WebUI: Center toolbar disappears after clicking on search button
1253463 - Sorting container entities list by provider column crashes the UI
1253468 - UI: Error when trying to access Cluster summary screen
1253479 - WebUI: Credential fields missing while adding new foreman provider
1254055 - Unable to add new fields in Automate Class Schema
1254058 - Automate Class Schema can't change sequence of fields
1254211 - when quota exceeds Group Allocated Memory always shows "0.00GB" in last message of request details page
1254302 - linux_admin dependency is too wide open causing failure in internal database configuration
1254359 - VM fails to launch on Amazon with NameError log_header
1254564 - SmartState times out if snapshot creation takes too long
1254882 - Provisioning quota for CPU/Mem/Storage doesn't work for cloud providers
1255048 - Reconfigure service button gives 404
1255190 - Vm Clone : Need ISO image selection validation when provision_type ISO is selected in cloning
1255485 - Web UI: "&para" string needs to be handled properly in Automate Instance
1256404 - Amazon provider fails with: [NoMethodError]: undefined method `keys' for nil:NilClass
1256437 - Protected text fields are not being added to options_hash
1256534 - Unexpected Error Encountered  Refreshing Running Tasks
1256674 - The cursor inside the VM and outside the VM are not moving together for  Win 7 or Win 2008.
1257748 - [RFE] Add the ability to change the password for a user through API, especially for 'admin' user
1258072 - UI: Bottleneck events for providers not seen under Optimize ->Bottlenecks
1258648 - State=<GetDiskInfoWindows> running  raised exception: <execution expired>
1258927 - UI: Reports explorer rebuilds trees on every transaction after Queue Report button is pressed once in UI.
1258985 - when a smartstate worker times out and is killed, any child processes (eg,vixdisklibserver.rb processes)  are not killed with their parents leaving them running with PID 1 as the adopted parent process
1259082 - UI: Replace 'choose a clusters' with 'choose a cluster' on Optimize->Planning page
1260139 - IP Address of VMware host not found
1260196 - [RFE] Cloud Inventory collection should gather and store disk info for flavors
1260436 - Unable to deploy heat stack from bundle catalog item
1260640 - vnc connections to a windows 8.1/2012R2 experience mouse tracking issues
1262002 - Openstack Infrastructure provider shows <Unknown> Credentials in the Status box when AMQP credentials are provided
1262461 - Orchestration stack summary page show 0 number of instances, security groups, and networks
1262841 - Datastore File Browsing: Columns sorting does not work, per page change does not work
1262973 - Order service form shows <Script error> in the Tenant dropdown
1262984 - [RFE] Remove old CA file
1263073 - undefined method `strip' for nil:NilClass [ops/ap_edit] while creating vm analysis profile by selecting a category
1263326 - Clicking on "Migrate selected items" under lifecycle dropdown routes to wrong config screen
1263494 - Control Action UI: Missing ability to set request message for "Invoke a Custom Action"
1263592 - Quota calculation does not count all VMs/Instances for All providers own by Group
1263744 - Cloud Tenants Description field length limit causes inventory collection to fail when OpenStack Tenant description is over 255 characters
1263845 - UI: When migrate button is pressed from a sub list of VMs, it redirects to incorrect screen.
1264165 - 'Couldn't find SystemService...' error on clicking host services
1264183 - undefined method `id' for 1:Fixnum [ems_infra/show] while viewing timelines for a provider
1264188 - [Scale] - VIMBroker spends ~28s hot on a vcpu while outputting status to vim.log every 15minutes on large scale vmware provider
1264218 - Invalid Timezone: xyz ( [vm_infra/perf_chart_chooser] error when any non-default time profile is selected for C&U charts
1264225 - /bin/prince exit code: 127 error while downloading PDF reports
1264312 - Deprecation warning when initializing database
1264313 - Errors in evm.log during database configuration
1264327 - All RHEL-OSP SSA throws errors
1264497 - setting provider name and then type when adding new provider, clears name
1264511 - add provider type dropdown options too small, need to scroll which is silly
1264513 - Broken UI layout in Simulation
1264564 - Broken icons when viewing Tasks
1264569 - Log_level Deprecation warning in log
1264815 - No route matches {:action=>"show_list", :controller=>"foreman_provider", :id=>nil} [miq_request/prov_edit]  on cancel configured system provisioning
1264982 - Add support for OSP-d infra provider scale out using Heat patch method
1265059 - add vim package to appliance
1265155 - OpenstackInfra specific charts no longer work
1265188 - WEB-UI: RBAC - While adding a new group, the "Role" and "Project/Tenant" drop down's default value displays as "Choose"
1265203 - WEB-UI: Tenants - Maintain Uniformity for Error messages in Tenant pages
1265221 - Web-UI: Tenants - Unable to edit the Name field
1265274 - VMware Host credential validation does not provide feedback
1265289 - CloudForms does not delete RabbitMQ Queues on disconnect
1265393 - UI - Configure / Configuration error while adding a new company tag category
1265400 - UI: Reports Explorer - Form buttons missing on Schedule editor
1265404 - "The page you were looking for doesn't exist" displayed while navigating to cloud provider timeline pages
1265456 - unexpected error clicking on infra provider summary cluster/VM relationships
1265462 - routing errors under cloud objects
1265463 - log rotate not working on the appliance
1265466 - rhev clone template provisioning fails
1265590 - Openstack infra provider refresh depends on the associated cloud provider status
1265750 - Unable to add New Cloud Provider
1266252 - Save button disabled on  'Set ownership for Virtual machine' page
1266270 - ERROR -- : [NoMethodError]: undefined method `self_service_user?' for nil:NilClass  Method:[rescue in generate_one_content_for_group]
1266467 - error raised during the discovery of a vmware host
1266547 - Cannot add e-mails manually in e-mail editing form
1266561 - Cloudforms can confuse two hosts as being a single one
1266951 - RH Updates: Default update channels and repos must be updated
1267045 - Cannot edit a Foreman Provider in Grid/Tile view
1267148 - Unable to save configuration settings for  start page,default items per page and display settings
1267390 - VM name missing in chargeback reports
1267565 - smart state analysis for  vmware vm fails with "Unable to mount filesystem. Reason:[FFI::VixDiskLib::ApiWrapper#open (errcode=15 - VIX_E_FILE_ALREADY_LOCKED): The file is already in use "
1267642 - undefined method `make_request' when provisioning SCVMM VM
1267651 - Containers: Inventory collection fails - undefined method `collect' for nil:NilClass
1267697 - Much higher memory usage in 5.5
1267698 - Internal DB Password Configuration breaks when password contains non-alphanum characters
1267700 - undefined method `gsub' for 1000000000001:Fixnum [ems_infra/show] when clicking on Templates from provider summary screen
1267749 - Unsupported options [:select] [miq_capacity/optimize_tree_select] while viewing cluster,datastore,provider utilization
1267767 - ActionController::RoutingError (No route matches [GET] "/images/icons/72/currentstate-terminated.png")
1267768 - ActionController::RoutingError (No route matches [GET] "/images/icons/new/vmdb_table_evm.png")
1267769 - ActionController::RoutingError (No route matches [GET] "/images/icons/new/vmdb_database_setting.png")
1267815 - Remove text "miq"  from "miq templates" in host summary page
1267888 - spa_ui: hardcoded API endpoint makes it not work on an appliance.
1267914 - Hovering on element "Type" while creating a service dialog displays tags "&lt;Choose&gt"
1267999 - Broken layout for RH Update
1268055 - UI: Catalogs Explorer - Unable to create a Catalog Bundle
1268072 - Setting When to Provision to Schedule fails to load schedule fields and returns to Immediately on Approval
1268149 - ActionController::RoutingError (No route matches [GET] "/images/icons/new/vmdb_database_connection.png")
1268230 - RH Update - the edit form doesn't change dynamically
1268448 - appliance - RHEV Guest Operating System set to Other OS rather than Red Hat Enterprise Linux 7.x x64
1268826 - Timelines page missing for cloud providers
1268975 - Check for missing hostname when doing Smartstate analysis and log warn
1269054 - Openstack Infra refresh should not depend on openstack cloud provider status
1269115 - Flash message is displayed twice in reporting schedule page
1269116 - Database indexes and tables pages display only one row per page
1269680 - Chargeback Interval for weeks is not honored
1269790 - appliance_console broken
1269999 - Request: "'nil' is not an ActiveModel-compatible object" error when on approve request screen
1270009 - Services: UI error deleting Services
1270339 - Submitting a half finished provisioning request actually creates a request
1270381 - Report charts fail to render
1270383 - [SSUI] - Login page already has credentials
1270384 - [SSUI] - Logout button does nothing
1270400 - Replace 'Vms' with 'VMs' on Host summary page
1270596 - Error in appliance console
1270700 - Some form buttons are missing alt parameter.
1270782 - PG::ObjectInUse: ERROR:  database "vmdb_production" is being accessed by other users when resetting database region
1270970 - Form validation incomplete
1271077 - Changing the default filter settings and navigating to that page displays blank screen.
1271202 - Cannot create nested automate namespace or a class in namespace
1271288 - The "Edit Registration" button disappeared
1271332 - [RHEL-OSP] During SmartState Analysis of an Image: "Unknown QCOW version: 3"
1271355 - No root fileystem found when running SSA on instances in OSP with Ceph
1271359 - [RHEL-OSP] SmartState Analysis of Archived Instances fail
1271475 - [zh_CN] zh_CN not added to Locale UI.
1271514 - Couldn't find OrchestrationStackParameter with 'id'=0 [WHERE "orchestration_stack_parameters"."stack_id" = ?] [orchestration_stack/parameters]
1271563 - Cannot create an Amazon Service Catalog item as a tenant admin
1271668 - top_output log missing datetime stamp
1271722 - [AbstractController::DoubleRenderError] when clicked on add button while creating heat orchestration template
1271723 - 'Orchestration Template creation': Validation failed: Md5 of content already exists"  always displayed while creating heat orchestration template
1271740 - Unable to select check all,checkbox hidden behind the width change button
1271748 - Copy orchestration template page misrendered
1272224 - Discovery of vCenter 5.5 fails for some configurations
1272258 - UI: Missing partial error when trying to view a Request
1272260 - Load error(parseerror) on clicking tables on Database accordion
1272337 - ERROR -- : RedhatAccessCfme::PortalClient: Caught HTTP error when proxying call to tapi: 401 Unauthorized: {"message":"Unauthorized: null user"} on clicking Access Insights
1272351 - undefined method `se_linux_user' for nil:NilClass [container/x_show]  when clicked on containers
1272454 - WebUI: HTML5 Console: Unable to connect html5 console for rhevm vm's with SPICE display
1272552 - Redundant 'Avg' in Memory column in Top Memory Consumers widget
1272604 - evmserverd service is enabled on first boot
1272616 - Unexpected error while accessing accordions on Cloud Intelligence->Reports as tenant admin
1272618 - Missing links to product documentation on Support Page
1272990 - RBAC:unable to login when the user have access to only container feature
1273032 - Unhandled Exception when saving adv search filters
1273033 - RBAC: Error[ActionView::MissingTemplate] Missing template dashboard/maintab when clicked on configure for user having access to tenant feature
1273096 - Openstack Cloud provider shows <Unknown> Credentials in the Status box when AMQP credentials are provided
1273120 - Error when copying a method from builtin Domain to a custom one
1273128 - Kubernetes: 'missing partial' error on selecting a node in container images
1273182 - Clicking on provider link in cloud event bubble doesn't take you to cloud provider summary  page
1273275 - Report generation returned: Status [Error] Message [undefined method `to_hash' for #<String:0x00000012e911e8>]  on download reports
1273352 - Text wrapping creates an extra line when clicked on accordions links
1273436 - The page you were looking for doesn't exist displayed on clicking cloud/Infrastructure Provider link in relationship accordion
1273517 - UI: Reports Menu Editor - Does not display flash message to indicate that folder name already in use
1273529 - Error generating some reports
1273654 - Remove leading space from Enterpise option in Assign to dropdown on Chargeback Assignment page
1273919 - When tenant user is provisioning new VM, tenant quota limits are being ignored
1274270 - Time zone shown wrong when editing schedule
1274314 - Date input field in retirement editor behaves inconsistently
1274332 - Retirement Warning dropdown menu in retirement editor is not updated correctly
1274589 - ActionController::RoutingError (No route matches [GET] "/assets/dhtmlx_gpl_36/imgs/dhxlayout_dhx_miq/dhxlayout_bg.png")  in production.log
1274665 - On Failure dropdown list is displayed twice if "Do nothing" option is selected during heat stack deployment
1274673 - "Eror during 'Provisioning': undefined method `match' for 2:Fixnum" during heat stack deployment
1274842 - Containers: Unable to edit port of a containers provider
1275363 - Retirement Date not shown on Orchestration Stack  summary page
1275364 - ActiveRecord::AssociationNotFoundError in evm.log
1275367 - RoutingError (No route matches [GET] "/assets/dhtmlx_gpl_36/imgs/dhxlayout_dhx_miq/dhxlayout_bg.png")
1275380 - Error while viewing Cloud tenant summary
1275392 - [SSUI] - Page title says ManageIQ, shuld be Red Hat
1275404 - Icon images broken for timeline events
1275405 - Script error appears on the tenant selection dropdown box when order an orchestration provisioning
1275514 - Tenant column in the template selection list of catalog item should be displayed for only cloud provider templates
1275582 - Unhandled Exception when entering invalid URI
1275589 - Routing Error when clicking on Clouds menu link
1275666 - Log file shows: Undefined method `Rpm' for LinuxAdmin:Module
1275676 - Log file show: Cannot load `Rails.application.database_configuration`
1275679 - [SSUI] - Refreshing login page gives 404
1275685 - Disabled datastores show in a different font
1275707 - No feedback for loading when selecting catalog type
1275768 - undefined method `scan' for true:TrueClass [host/host_services] while clicking any of the host running servicesl
1275982 - No route matches when clicked on manage policies for stack instance
1276009 - undefined method `[]=' for nil:NilClass [miq_request/prov_field_changed]
1276098 - Flash messages missing while Deleting and Cancelling a Schedule
1276101 - Delete schedule message is displayed in black color instead of green
1276107 - Consistency need to be maintained for the delete option in schedules list page and schedule details page
1276118 - CFME should not use OpenStack adminURL endpoints for any services
1276129 - undefined method `x_get_child_nodes' for TreeBuilder:Class [report/x_show]
1276135 - undefined method `+' for nil:NilClass [ops/rbac_group_edit]
1276139 - Load error(parseerror) while clicking folders under Reports accordion as tenant admin
1276275 - Queuing a report makes it queue twice
1276301 - warning.png is missing in the images folder
1276375 - Replication worker validation passes, worker fails w/ "Replication configuration is invalid." if port not set
1276377 - Icons needed for new host events
1276405 - UI should not allow duplicate providers to be added
1276453 - Azure orchestration provisioning failed due to missing Azure Vm automate model
1276459 - SSA fails because MiqNfsSession creates temporary mount point.
1276469 - Azure orchestration stack provisioned through service does not have template association
1276496 - Timeline event text shows time stamp instead of event name
1276552 - Error:Action not implemented [orchestration_stack/button] in stacks instances comparison
1276692 - Watermark reports configured to go back only 2 days
1276706 - Issue getting an IP address on the cfme-5.5 appliance
1276859 - unexpected error creating cloud catalog items
1277016 - Error during 'check_compliance_queue': Unknown task, check_compliance_queue when clicked on check compliance of last known configuration for stack instance
1277077 - HTML character codes present in tool tip of "Edit My Company Tags for selected tenant"
1277106 - Check all functionality does not work in Automate->Provisioning dialogs Page
1277220 - "ERROR -- Event not found in MiqAeDatastore", update messaging
1277258 - The Provision VM hour and minute popups have poor or no formatting being applied.
1277276 - Search box not available on VM/Instance list page
1277302 - Unable to perform Datastore SmartState Analysis : undefined method `ext_management_system' for storage
1277367 - Couldn't find ManageIQ::Providers::InfraManager without an ID [ems_infra/tagging_edit] when clicked on edit tags from scale infrastructure provider page
1277620 - Confirmation Message appears multiple times when Power Cycling a VM Instance
1277641 - routing errors under provider relationships
1277707 - Binaries for customer installed gems will not be found
1277960 - Only the last added Openstack Infra provider shows up in the list when adding an Openstack Cloud provider
1277971 - Running SmartState analysis on Openstack Infrastructure nodes can take a long time
1277993 - Node users list pagination doesn't work
1277995 - NoMethodError during inventory of Satellite 6 without any hostgroups
1278036 - Openstack Cloud provider is missing the API version select box
1278041 - Containers: REST API cannot accept token for creating the Openshift provider
1278076 - Log rotate generates SELinux permission errors
1278161 - Rhev vm scan error [bad component(expected port component): "443"]
1278202 - Permission denied errors when logging in with non-root users
1278331 - UI: pdf/csv/text download button is missing text
1278368 - OpenStack Platform Director nodes should not show any power actions in the nested list ( when you click e.g. on nodes in provider or cluster)
1278427 - Timelines power activity event is missing icon
1278432 - Web-UI: HTML5-Console: Ports 5900:5999 not enabled in firewall
1278456 - WebUI:VMRC: Windows: Firefox and IE throws "TypeError: $.browser is undefined" error
1278459 - WebUI:VMRC:Linux:Firefox - "SyntaxError: expected expression, got '&'" when accessing the vmrc console
1278463 - UI should not allow scans to be issued if the datastore is not vmware based
1278469 - UI exception when sorting Host's users
1278470 - No Heat related events show up in the Timelines for the Openstack Platform Director prov
1278568 - Increase default memory to 8GB on appliances
1278741 - Dashboards are not displayed if a user only has "view" permission on dashboards
1278883 - Nodes utilization charts do not show up
1278904 - credential RHEV hosts fail
1279390 - <AutomationEngine> Class [System/Event/EmsEvent/OPENSTACK] not found in MiqAeDatastore
1279435 - undefined method `block_storage_disk_usage' for nil:NilClass [ems_cluster/show]
1279449 - Nodes devices show huge icons
1279551 - UI: SSUI login screen & header are not completely productized
1279601 - dozens of "[RuntimeError]: Expected scheduled time 'at' to be 'numeric', received 'Time'  Method:[rescue in deliver]" associated with specific default reports
1279603 - multiple ERRORS of the form "MIQ(MiqQueue#deliver) Message id: [...], Error: [PG::UndefinedTable: ERROR:  missing FROM-clause entry for table "hosts"' for reports
1279999 - Self Serice UI login screen has unimplemented features
1280044 - File image upload for services catalog fails with 500
1280278 - the list of all groups a user is part of does not allow to see them all on one screen if there are enough groups
1280323 - Containers: Container Image scan doesn't work
1280350 - NameError uninitialized constant MiqAeMethodService::MiqAeServiceEmsOpenstack
1280354 - Containers: "nil" string is displayed in component status error column
1281295 - Containers: missing CFME productization for Kubernetes and Atomic providers
1281345 - Changing view for instances list in a Relationship list doesn't work
1281445 - Containers UI: Overview (dashboard) and topology screens are empty
1281462 - Search button misrendered in filter page
1281477 - Saved filters are broken under Infra/Vm and Infra/Templates
1281548 - [SSUI] Focus on user field on login screen and identify user in banner
1281561 - UI:  Count of services in Classic vs. SSUI do not match
1281585 - Unable to list cloud networks in automate
1281746 - InfraManager::EventCatcher worker keeps getting restarted
1281860 - Automate UI Error: NoMethodError in MiqAeTools#resolve
1281872 - Wrong button location on different pages
1281883 - RHSCL 201.pem certificate missing from /etc/pki/product
1281887 - SSA of templates blocked.
1281968 - Secondary C&U charts only show stopped Hosts and VMs, should show running as well
1282317 - The page you were looking for doesn't exist displayed on clicking cloud/Infrastructure Provider link in relationship accordion of all the cloud objects
1282433 - Web-UI: Containers: Clicking on "Project / Pod" throws "ERROR: column container_groups.project does not exist LINE 1: ...stems"."id" = "container_groups"."ems_id" WHERE ((container_... ^ [container_group/show_list]" error
1282436 - Error:undefined method `[]' for nil:NilClass [miq_task/button] when clicked on cancel job button in All VM Analysis & All other Task Page
1282576 - Red Hat Insights  when Appliance is registered to Satellite 5/6
1282716 - ActionController::RoutingError  when sorting infrastructure and cloud objects when navigated through provider summary page
1282756 - Remove Web-based VNC console option from archived nodes
1282815 - Cannot refresh openshift due to missing permissions for componentstatuses
1282851 - VMware provider refresh fails with 'divided by 0'
1282857 - UI: Values in type dropdown on Cloud discovery screen should be titelized or have nice display name
1282907 - Automate | System/About class schema version attribute needs to be updated.
1282927 - Default entry in /etc/hostname is 'localhost.localdomain.localdomain' opposed to 'localhost.localdomain'
1282965 - UI: Spinner doesn't stop when submitting options on Service/Requests screen'
1282972 - UI: Count of Catalog Items under Service Catalogs in Classic vs. SSUI do not match
1283019 - CVE-2015-7502 CloudForms: insecure password storage in PostgreSQL database
1283195 - Host entries are no longer adopted after deletion and re-add
1283282 - Screen contents gets cutoff when toolbar wraps
1283402 - Heat templates provisioning only to admin tenant
1283564 - Containers UI: Overview (dashboard) Does not show number of Providers
1283603 - Cannot access items in automation tree for service catalog entry point
1283642 - Saved filters aren't display under Infra/Templates/Global Filters and My Filters
1283680 - Events timeline isn't displayed for containers
1283683 - Utilization button not working for containers
1283745 - UI ERROR When bulk deleting copied methods.
1283747 - UI: Form buttons and paging controls are missing in Reports explorer
1283790 - When adding a new Group, clicking on Look Up LDAP Groups no longer works
1283795 - Automate | Fix issue where the old Infrastructure quota instance points to new quota.
1284039 - [SSUI] Sample text on login screen needs to be removed or replaced with CFME pertinent text
1284049 - undefined method `flavors' for #<ManageIQ::Providers::..> when clicked on template name while creating OpenStack catalog item
1284122 - UI: Need to remove iStock images from SSUI
1284256 - container provider's timeline balloons have labels relevant to vms and are missing container ones
1284662 - access insights tab missing
1284938 - Containers SmartState Analysis should use the management-infra namespace
1285341 - After a certain amount of time the EventCatcher worker (thread) is stopped and deleted
1286421 - Containers: Metrics/utilization is broken for Pods
1286666 - Missing port selection in cloud infrastructure providers
1288193 - Red Hat Insights Report Detail always shows "No Actions"

6. Package List:

CloudForms Management Engine 5.5:




These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from

7. References:


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.