-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1855
        Red Hat CloudForms security, bug fix, and enhancement update
                               26 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat CloudForms
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7750 CVE-2018-1104 CVE-2018-1101
Reference:         ESB-2018.0862
                   ESB-2018.0801

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat CloudForms security, bug fix, and
                   enhancement update
Advisory ID:       RHSA-2018:1972-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1972
Issue date:        2018-06-25
Cross references:  RHBA-2018:1109
CVE Names:         CVE-2018-1101 CVE-2018-1104 CVE-2018-7750
=====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments.
CloudForms Management Engine is built on Ruby on Rails, a model-view-controller
(MVC) framework for web application development.

Security Fix(es):

* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)

* ansible-tower: Privilege escalation flaw allows for organization admins to
obtain system privileges (CVE-2018-1101)

* ansible-tower: Remote code execution by users with access to define
variables in job templates (CVE-2018-1104)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104. The
CVE-2018-1101 issue was discovered by Graham Mainwaring (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1489507 - Simultaneous service catalog request do not honour quotas
1496902 - Can add ansible tower provider without validation
1500951 - Can't Save Role when Enabling All Product Features for Ansible folder of a CloudForms Role
1511030 - Updates to RHEV Host Causes Duplicate Names in CloudForms
1526156 - Can't configure Red Hat Dropbox for logs in a global region when a sub-region has one already configured
1531499 - Automation->Ansible is visible for multiple roles when it should not be
1532272 - Catalog dynamic element entry point selection is cached and does not allow selection
1533082 - Reset tag: Flash message duplication
1535369 - Cloud Subnet create form - 'Cloud Subnet details' title displayed twice, 'Placement' title (section) missing
1536684 - Tooltip on retire button blocks the click of options
1537132 - Miq Server leaks memory and we fail to detect and remediate it
1540579 - Deployment roles are missing on CFME 5.8.3.2 over RHOS 12
1541341 - Gettext strings should not contain interpolations
1541427 - Tag assignment: 'Reset' button doesn't work for vms, templates
1541700 - RHOS 12: Infra provider scale down is broken
1544488 - [UI][RHOS] - remove Edit and Delete actions when in the SDN list view
1549626 - webui updates failing when a proxy is required
1549723 - WebUI: Tool tip displays html code while setting the ownership for multiple vm's
1549833 - cpu_usagemhz_rate_average is 0 for RHV 4 VMs
1550116 - Subscription page fails when a remote database is down
1550276 - Getting Couldn't find MiqTask Errors in evm.log
1550715 - Stored C&U "CPU (Mhz)" values for RHV VMs are incorrect (too high) by a factor of two
1550729 - Replication configuration page does not open when child database is down
1550732 - [Ansible Embedded] - Embedded Ansible cannot be enabled on IPv6 only appliance
1550737 - unable to view quotas without manage quota permission being enabled in 5.8.2
1551627 - Automate code from git does not work for repositories without master
1551693 - internal server error ActiveRecord::AssociationTypeMismatch when editing current_group
1551697 - Colons are unhandled in BaseModel key generation in AzureArmrest
1551699 - Not possible to configure GCE provider for new regions (southamerica-east1) on CFME
1552135 - Openstack refresh fails if it finds non-public flavors
1552233 - [RFE] Ability to select OpenStack External external network during the instance provisioning
1552780 - Adding floating IP from OSP do not enforce tenancy limits
1552891 - Tagging: Edit tags page doesn't open for network list items navigated through parent details page
1552905 - The accordion folds after adding a schedule
1553225 - Set Ownership can not be changed back to default
1553249 - UI: Same icon used for multiple options on Cloud Tenants page
1553308 - Undefined method `vmm_version' for nil:NilClass on VM summary screen
1553331 - Using webmks console one cannot type correctly the password when it contains special characters
1553337 - Default view settings fails for service catalogs
1553364 - Add miqssh utilities
1553465 - Enhance credential missing msg/behavior for VMRC console access
1553473 - Region size of 10,000 Objects Supportable for VMware Provider
1554533 - Schedule report fails to send mail when report is not empty
1554543 - Long time to refresh network provider on OpenStack
1554900 - when deleting an archived node using configure > remove a unknown method error is raised
1555487 - Dynamic Dropdown Multiselect: By default selects an element
1556814 - symbol conversion error while detaching disks from an openstack instance
1557025 - [RFE] Amazon provider - Allow user to enable and disable instance_types
1557130 - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
1558032 - internal server error when accessing the "policy_events" attribute of the "vms" resource
1558039 - AWS flavor list is out of date
1558047 - OpenStack - Include Provider Error Message in MiqProvisionFailure
1558076 - Fix WebMKS/VNC console connectivity
1558595 - No event AWS_EC2_Instance_UPDATE when renaming a VM on EC2
1558622 - RedHat domain can be edited/deleted
1559551 - Regression Instance Method check_quota Throws Error 5.8.2 to 5.8.3 undefined method provisioned_storage
1559553 - Api::ServiceCatalogsController timeout error in multi-regional environment
1560097 - Error occurs when trying to edit a catalog item
1560099 - Outgoing SMTP E-mail Server settings not saved on first attempt
1560693 - Stop CF pestering OpenStack for Swift status when there is no Swift.
1561077 - Duplicate RBAC Role and Group names allowed when using different capitalization from the original name
1562773 - tenant source_id compromisation after changing provider credentials
1562775 - Approval permissions are not followed between different groups
1562798 - CFME - usage of non standard special characters (e.g. accents) in password causes user is not able to login
1563492 - CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
1563721 - Differencing Disk on Network Drive Fails Smartstate if initial disk on Local Drive.
1563741 - ReconfigVM Event triggers a refresh_sync Holding Automate Process in State Machine
1564264 - Openstack::NetworkManager Refresh failed [NoMethodError]: undefined method `[]='
1564454 - [Regression] Unexpected error while opening Cloud Intel Timelines
1565157 - Unable to see realtime data from OpenShift in CloudForms UI
1565162 - Ansible playbook credentials always show default value in SUI
1565169 - openstack provisioning instance fail on checkprovisioned
1565248 - Service Template Provision Task Failing When Picked Up by Appliance in Wrong Zone
1565342 - [Azure]Provision Multiple VMs with Public IP selection options
1565358 - [RHV] VM Reconfigure: Down VM Memory increase fail on cannot exceed maximum memory
1565362 - SSA fails if disk has empty partitions in the beginning
1565364 - Smartstate on Azure Managed Linux Instance returns Unable to mount filesystem. Reason:[XFS::DirectoryDataHeader: Invalid Magic Number 0]
1565365 - Unable to perform SSA if Vm storage is fileshare on SCVMM and throws error in evm.log
1565366 - VMware Edit provider has Host Default VNC start and End Port options, but Add Provider does not
1565389 - Automate tree in the left pane has duplicates following any copy operation (instance, class, namespace)
1565403 - Creating buttons under the Datastore objects do not appear on Datastore Details Pages
1565414 - Total matches of Ems Cluster roles showing wrong count
1565678 - Container reports take too much time to generate
1565724 - vm reconfigure when quota enabled gets stuck in 'pending' state
1565760 - Automate: customize_request method in Redhat domain incorrect sets security_group value in options hash
1565835 - Role inconsistency with privileges when creating reports and setting chargeback filters
1565862 - CVE-2018-1104 ansible-tower: Remote code execution by users with access to define variables in job templates
1566256 - DRb 'close' error for closed connection
1566528 - Reporting worker exceeding threshold for default report tied to custom widget
1566746 - Dropdown to delete a "not responding" server is missing
1567983 - Middleware Provider Timelines Typo in Policy Events->Middleware Operation Description 'Tagret'
1568016 - notifications do not get cleared from the notification table
1568042 - CloudForms: Unable to perform "Exit Maintenance Mode" task of VMware host
1568045 - Control->Explorer is visible for evmgroup-security role
1568084 - Default Container Image Rate can be deleted
1568159 - User Interface does not come up after reboot
1568168 - Moving widgets to the bottom of a column fails
1568576 - Deployment template validation failed
1568603 - Git repo automate datastore refresh timing out upon credential change
1569079 - Getting Forbidden exception after ordering the service by non-admin user.
1569100 - Orphaned and Archived VMs displayed in running vms filter
1569104 - Online VMs (Powered On) report lists Orphaned and Archived VMs/Instances
1569118 - Apache Reloaded twice with logrotate
1569127 - We cannot backdate the schedule once you schedule it
1569171 - Help Documentation is only visible to users with super admin role
1569179 - ERROR : 404 when trying to set the retirement date of the service
1569230 - Missing Guest OS in dashboard reports in Openstack
1569237 - [UI] - ManageIQ string in PDF summary file for flavors
1569241 - Tagging: Edit tags page doesn't open for images opened from provider summary page
1570060 - [RFE] Metrics for memory usage of AWS instances is missing from C&U
1570951 - Service and VM retirement are non-deterministic, running parallel
1570990 - Service Catalog Item Subtype not rendered in UI
1571311 - Unable to select storage manager from drop down list through classic UI
1572621 - RHSM failing to register with proxy settings
1572719 - Provider Inventory worker vim.log fills up due to large log messages
1573540 - Dashboard widget is not providing exact content due to Type conversion Exception.
1574155 - Refresh Failing for VMware VIM object is too large
1574571 - OSPD 12 Undercloud - Infrastructure Provider refresh failed
1574615 - [RFE] make available tags defined on the azure side on azure objects to cloudforms for reports
1576101 - total costs no longer showing in any chargeback report if they are the only columns in the report
1578575 - RHOSP11 metric collection stuck with error: Fog::Metric::OpenStack::NotFound
1578853 - Compliance check is greyed out under VM summary screen when VM is selected but not when you click on the VM.
1578866 - Error upon successful SAML login when username contains capital letters
1581387 - Dynamic dropdown doesn't refresh correctly
1583711 - Unexpected Error when accessing SERVICE -> REQUESTS (undefined method find_tags_by_grouping)
1583790 - UI Worker Exceeding Memory Trying to View Hosts for VMware Provider
1584187 - CPU Utilization report graph shows dates on x axis in random order
1584688 - refresh_target_for_ems is not running in one of our environments
1589834 - [RFE][XS-2] Add possibility to unregister a VM in RHV provider

6. Package List:

CloudForms Management Engine 5.8:

Source:
ansible-2.4.4.0-1.el7ae.src.rpm
cfme-5.8.4.5-1.el7cf.src.rpm
cfme-appliance-5.8.4.5-1.el7cf.src.rpm
cfme-gemset-5.8.4.5-1.el7cf.src.rpm
python-paramiko-2.1.1-4.el7.src.rpm
rh-ruby23-rubygem-json-2.1.0-1.el7cf.src.rpm

noarch:
ansible-2.4.4.0-1.el7ae.noarch.rpm
python-paramiko-2.1.1-4.el7.noarch.rpm
python-paramiko-doc-2.1.1-4.el7.noarch.rpm

x86_64:
ansible-tower-server-3.1.7-1.el7at.x86_64.rpm
ansible-tower-setup-3.1.7-1.el7at.x86_64.rpm
cfme-5.8.4.5-1.el7cf.x86_64.rpm
cfme-appliance-5.8.4.5-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm
cfme-debuginfo-5.8.4.5-1.el7cf.x86_64.rpm
cfme-gemset-5.8.4.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-debuginfo-2.1.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-doc-2.1.0-1.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1101
https://access.redhat.com/security/cve/CVE-2018-1104
https://access.redhat.com/security/cve/CVE-2018-7750
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
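The package list above gives the version-release at which each fix lands, and the practical question for an administrator is whether the appliances in the fleet are at or past those versions. The following script, added here as an illustration and not part of the Red Hat advisory or the AusCERT bulletin, reads the fixed binary-package names from section 6, parses name/version/release/arch out of them, and compares against `rpm -qa`-style output using a simplified re-implementation of rpm's version ordering (digit runs compare numerically, alphabetic runs lexically, a `~` sorts before anything). The INSTALLED_SAMPLE text is constructed sample data, an assumption for the demonstration, and not output from any real appliance.

```python
"""Flag installed packages that are older than the fixed builds in RHSA-2018:1972.

Added example; not Red Hat's or AusCERT's code. FIXED_PACKAGES is copied from
section 6 of the advisory. INSTALLED_SAMPLE is constructed sample input in the
shape of `rpm -qa` output (name-version-release.arch, no epoch) and is an
assumption, not data captured from a real system.
"""
import re

# Binary packages (noarch + x86_64) from section 6 of the advisory.
FIXED_PACKAGES = [
    "ansible-2.4.4.0-1.el7ae.noarch.rpm",
    "python-paramiko-2.1.1-4.el7.noarch.rpm",
    "ansible-tower-server-3.1.7-1.el7at.x86_64.rpm",
    "ansible-tower-setup-3.1.7-1.el7at.x86_64.rpm",
    "cfme-5.8.4.5-1.el7cf.x86_64.rpm",
    "cfme-appliance-5.8.4.5-1.el7cf.x86_64.rpm",
    "cfme-gemset-5.8.4.5-1.el7cf.x86_64.rpm",
    "rh-ruby23-rubygem-json-2.1.0-1.el7cf.x86_64.rpm",
]

# Constructed sample of what an unpatched appliance might report (assumption).
INSTALLED_SAMPLE = """\
cfme-5.8.3.2-1.el7cf.x86_64
cfme-appliance-5.8.3.2-1.el7cf.x86_64
python-paramiko-2.1.1-2.el7.noarch
ansible-2.4.4.0-1.el7ae.noarch
ansible-tower-server-3.1.5-1.el7at.x86_64
"""


def parse_nevra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).

    Names may contain dashes, so the split is done from the right: the arch
    follows the last '.', the release follows the last '-', the version the
    one before that.
    """
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    base, arch = pkg.rsplit(".", 1)
    name_ver, release = base.rsplit("-", 1)
    name, version = name_ver.rsplit("-", 1)
    return name, version, release, arch


_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two version (or release) strings in rpm's order.

    Simplified from rpm's rpmvercmp: numeric and alphabetic segments are
    compared in turn, a numeric segment beats an alphabetic one, and a
    trailing '~' segment marks a pre-release that sorts lower. Returns
    -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # The string with more segments is newer unless its extra segment is '~'.
    shorter = min(len(sa), len(sb))
    extra_is_tilde = (sa if len(sa) > len(sb) else sb)[shorter] == "~"
    if len(sa) > len(sb):
        return -1 if extra_is_tilde else 1
    return 1 if extra_is_tilde else -1


def compare_vr(installed, fixed):
    """Compare (version, release) tuples; version decides unless equal."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def find_unpatched(installed_text, fixed_list=FIXED_PACKAGES):
    """Return {name: (installed_vr, fixed_vr)} for every listed package that is
    installed at a version-release older than the advisory's fixed build."""
    fixed = {}
    for pkg in fixed_list:
        name, ver, rel, _arch = parse_nevra(pkg)
        fixed[name] = (ver, rel)
    unpatched = {}
    for line in installed_text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ver, rel, _arch = parse_nevra(line)
        if name in fixed and compare_vr((ver, rel), fixed[name]) < 0:
            unpatched[name] = ("%s-%s" % (ver, rel), "%s-%s" % fixed[name])
    return unpatched


if __name__ == "__main__":
    for name, (have, want) in sorted(find_unpatched(INSTALLED_SAMPLE).items()):
        print("%-24s installed %-18s fixed in %s" % (name, have, want))
```

To run it against a live appliance, replace INSTALLED_SAMPLE with the output of `rpm -qa` (the default query format is exactly name-version-release.arch). The check only tells you a package is at the fixed level; it does not replace verifying that the RPMs came from Red Hat, which is what the GPG signature note in section 6 covers (`rpm -K <file>.rpm` against the imported Red Hat key).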
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWzD5qtzjgjWX9erEAQiK2hAAhOtZS0+zGTCALFpG25I5MaBun1/3J/CQ
F54hMVV9Bn8DPlmoliZb1ilnVdjddTMGCtvh/vJhu0dK/sBUcg6ROLsz6krIwKHN
nW3DPVeQzYNpOg8zkHlaTZ/8kVggaWFjl12SVv2ax7eRjviSDnquExWydcy3T+y1
aqrKDPyKHis+yPM/GjlzUXOskJwok4E0vAjCEjslrShR/RoBuoggMguVGOjzk7ti
6UN7EgpjkSNNuazIueJFNxYnO7y6+4JQr94+aEsF+em2VXZh/7kS2apM8jC8Qatt
gTjVCWelv8IvqVeqrPeQokl0m08V6jhn92JpTx3Btj80cwFNfPfgbMBvX5Awc6S7
MJPXLVAjff1EsXDriQGxTZaMs8XqKZzYuLGEM1bVLtyZ4PxqAispljljo2Pt4RaR
ovwVjZDludnprc/6JoNdT0QpA/kK7Q+Z6YAp4ndRRSLbpt69iuTPEKq2t0LgY7WT
uy2mPTZ7G9s+V6VKlLecHYpaf1/SZp0l5/XmQ5Np0BMNBLq67/yxBkQVpl0Pyp0i
2VAahnenpQ1ReZsGISj7ijVonnh+J5f3tczs0pAhQ/kaYsBnMbxle6d8PXxzA5KR
VfCYDJMM1tYIUWEGjanpImOwKZ+P+nyISTm1eMAtSvgwGXHqM527LVlW/scEz6ye
zlTUMlF4Lis=
=Pbnm
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWzGAmmaOgq3Tt24GAQjkdg/+MR8bOVh4QqK2QbgTUQgHNG1LOLJS9e7/
NvoY4pYjpxXPAeD7Vhwq8XIYBH24sKl7/lzlYNnqc6GfLZQISWAE5626Phebfygz
i0fNogm7Z1B1LHKO+xhqAgLQzXlghv3g+Dt6AJ/L5iThzj/WbJ+bBw3uxYWasKQ4
e064tnJOJaDgoPzY5ESbRYBo+1umWtDX79XpmWRcpBF6HRVhm4xAL1tvrOQUrIpE
aK7oP33qr4D+MKgfxwrHA+iiBjvXqg6GeQHlfhHbmjp5m2MZLLiNm+TUkyDX1WZb
O7iul4WgU3kAbITDxTDB3apdwaEIt1+ZX/GeqNXFkEw1a/2Af2XS04ZDK5xeRfCg
GNRm4+lgW1zoRD8TBjUHLuRO0NMme7NufiVAxcm5fEMw8zDZhFCtccEHMJR19CFN
0XJpycXvtSHYsPzxrB1C+FLs4CUpkAxW9IPKAfSXpTP9DJd371GCFtsnWoNiJph8
ngy31dn4Xe6fzKR+9v/uphA3OiIjZZBQ+NbQ2sMi9WQpHDuzBsvlZGmTxrKGkJVe
POrYqgTKttYVsK2/AHrp17bYWPiXaZgQ11sJiFxBYR5aUHKYtYRtZ+AowWxGCNps
HBitQfQ9Enn0qq0a8kDPm+CnbCun9QUK35OkdoN1DSQPJuby77RXmvT2NBGAsARS
700brSFjEBU=
=Fx9l
-----END PGP SIGNATURE-----