Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
TitleCloudForms 4.7 security, bug fix and enhancement update
Informations
NameRHSA-2019:0212First vendor Publication2019-02-07
VendorRedHatLast vendor Modification2019-02-07
Severity (Vendor) N/ARevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.10 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1082155 - [RFE][S-3] Common settings for appliances in the same zone should be inherited from the region 1090627 - [RFE][L-8] Copy EVM-Super_administrator role does not actually copy all permissions 1090957 - [RFE][M-5] LifeCycle/Migrate VM does not support VMware Folder relocation 1164306 - [RFE][M-5] need script to export custom buttons 1212947 - [RFE] Openstack discovery UnderCloud Only 1314871 - [RFE][M-5] Single E-mail Variables Location 1318353 - [RFE][M-5] create custom operational alerts in cloudforms for failed/invalid logins 1326992 - [RFE][XS-2] Increase Retirement Granularity to Day and Time 1339398 - [RFE][M-5] change the AWS endpoint URL 1344589 - [RFE][S-3] Export / Import Analysis Profiles for use with Control and Compliance Profiles 1353037 - [RFE][S-3] Allow CloudForms to use only attribute "groupMembership" for LDAP 1390456 - CloudForms displays incorrect floating IP quota for OpenStack tenants 1391095 - [RFE][L-8] Replication does not support HA 1392342 - [Beta 2] In OpenStack Provider Properties, when using Provider Region, there are 2 field called Region 1394217 - [ALL LANG] Cloud Intel - Reports - Schedules 'Add a new Schedule' has untranslated entry 1394263 - UI: No gap in Drop-Down's while creating Condition 1399378 - Infrastructure provisioning template selection screen includes "Hide deprecated" checkbox and "Deprecated" column which only apply to cloud provisioning 1417215 - inappropriate value type in json communication to openstack liberty during provisioning 1418080 - After failing back over to a reintroduced node $APPLIANCE_PG_SERVICE shows as failed and appliance_console info shows Local Database Server: initialized and stopped 1426390 - Automate Simulation copy to Button doesn't work 1428003 - Issue with Image/template Select during provision 1428536 - VM Chargeback Preview Report needs better formatting 1428584 - Remove search box on Switch summary page 1428797 - some of events appear in timelines w/o "source vm" 1434762 - [RFE][M-5]Changes in evm.log & audit.log 1434918 - Orphaned Rows in vim_performance_states not being purged 1435780 - invalid values supplied when creating new policies using /api/policies doesn't result in error 1441326 - [RFE] Remove empty C&U memory graph for EC2 Availability zones for hourly interval 1441353 - Automate State machine not honoring MIQ_STOP properly 1442702 - UI: After "Edit Tags" for Network Ports navigating to Networks Provider page. 1444520 - Slow Redirection when adding cloud keypair 1445932 - [RFE] Automating the generation of widget content 1448683 - Missing flash message / any notification to user deleting cloud tenant 1450008 - SmartState Analysis on Virtual Machine throwing error in evm.log 1451300 - [Ansible Embedded][Services][Multi-Tenancy] - Multiple catalogs with the same name in the dropdown menu 1460263 - shutdown_and_exit messages get marked as error and never removed from miq_queue table 1460992 - Selected switch not highlighted on Accordion 1463555 - rhsm subscription broken if 'register to' is set to sat6 1468252 - Incorrect error message when trying to login to appliance with 'web services' role disabled 1468339 - [RFE][L-8] Integration with external Ansible Tower Workflows 1468795 - [RFE] tenant_administrator role can modify quotas of his own Tenant 1469151 - erroneous behavior of spinner and spinner box in advanced search loading 1469372 - [Text] [VM Provision] - 'Virtual Machine %{subject} has been provisioned.' 1470754 - No check before deletion of router which can't be deleted 1471948 - heat client doesn't populate correctly the "files" parameter 1472279 - [RFE] expand the api to provide more information related to infrastructure providers 1474511 - CPU / Memory and CPU usage / Memory Usage use inconsistent data 1475303 - Text Injection possible 1475891 - [Authentication] Rename Get Roles from Home Forest 1476327 - provider type not checked when creating authentications, fails with undefined method `id' for nil:NilClass 1478889 - [genealogy] CFME not detecting parent VM with Azure provider 1481840 - Services Requests not showing all requests from 30 days 1482905 - Unable to add Long Description for Playbook based Catalog Items 1486362 - [RFE] Add API call for container scanning via SmartState 1486658 - Default Container Image Rate can be deleted 1486695 - Multiple notifications when embedded ansible role fails to start 1487142 - [RFE] Add a OpenStack Provider Dashboard in Cloud (overcloud) 1487234 - Volume Deletion Button Method Not Define 1488579 - [upstream] : dynamic dropdown list can be created without providing entry point in new dialog editor 1490979 - [RFE] With CF generated keypairs for OSP, you are unable to download the Private key 1491387 - HTML5 Remote Console: CTRL+ALT+DEL button Error: "ReferenceError: sc is not defined" 1491772 - Ansible Tower: Service can be created/ordered without selecting Tower provider from dropdown list 1493788 - it's possible to add multiple shopping carts for the authenticated user 1494359 - [UPSTREAM] Unexpected error while deleting network router of cloud tenant 1494589 - reports of the count of vms by cloud tenant are off (openstack) 1495265 - [RFE] HOST_FAILURE events should be exposed in Control/Alerts 1495630 - [ALL_LANG] pagination label x-xx of xx is not localized 1495829 - UI: Same icon used for multiple options on Cloud Tenants page 1496838 - [PRD][RFE][Alerts] Add CloudForms Alerts for OpenShift Provider based on Hourly Timer 1497061 - [RFE][XS-2] Tagging cloud network, subnets, flavors, availability_zones, routers and security_group using ReST APIs 1498951 - [RFE][XS-2] Add Indian currency in cloudforms chargeback reports 1499161 - If a container image SmartState Analysis fails, the image is still marked as compliant 1500613 - [RFE][L-8] Add new region in drop down list as 'China' in Amazon EC2 Cloud provider 1501031 - ui: Request text box should be empty when changed Button type "ansible_playbook" to default 1501052 - Inconsistency between message when creating vs. deleting in dashboard widgets of Report 1501098 - Service UI not taking 'user default' language 1501114 - Custom Button icon is not disabled when button is disabled 1501147 - 'Web Console' taking incorrect IP address 1501996 - NOR doesn't use 30 days' worth of metrics 1502778 - [RFE] Add Redux for State Management 1502857 - Status inconsistency in Topology View for OpenStack provider 1503660 - UI: Proper task name should be there when initiate Provider refresh. 1504209 - Create and Restore from Backup missing from list of Cloud Volumes 1505159 - AMQP flash message not showing properly [RHOS] 1506634 - Group: 'All changes have been reset' duplication for page with tag expression 1506685 - Group: Tag fields should be empty after selecting condition 1506987 - Incorrect display of "Cloud Resource Quotas: Used" 1507667 - [RFE][M-5] Ability to add and remove AWS volumes for an instance 1507812 - [RFE] Expose the Pause/Resume Provider via API 1507916 - OpenStack services on Host page were broken by UI refactoring 1508490 - [RFE][M-5] Unable to show Automate Requests without Exposing Other Automate Tabs 1509244 - Save and Reset button disable on Volume restore form Backup Detail page 1511126 - [PRD][RFE][M-5] Ansible Next Gen - Ansible Reporting 1511171 - [RFE][XL-13] External Tower Provider - Selectively enhance with items recently added with Ansible Inside Enhancements 1511214 - EmsRefresh.update_relats_by_ids error for 'base_class' for deleted VM 1511376 - [RFE] Delete Datastores via ReST API 1512399 - Dropdown element UI issues . 1512443 - The name on the accordion doesn't match with name of title of configuration page 1512480 - Their is an extra page on start page options on setting page. 1513086 - Openstack instances have no cores but have multiple sockets 1513520 - [RFE][M-5] Support AWS S3 for CFME Backups 1513616 - Cloning repositories in Embedded Ansible within CFME without trusted SSL certificates leads to silent failure of project 1516836 - Edit page of custom button group's title ends with "MiqTemplate|" 1516895 - Inconstancy between addition vs. deletion messages of Analysis Profiles and Schedules 1518304 - Events endpoint is not shown for Network Provider 1518630 - When adding or updating an OpenStack Volume Name, Provider or target refresh is not executed 1518867 - When no image uploaded for Catalog Item, a 'T' is displayed in UI 1518926 - Inconsistent capitalization for Retirement State field 1519341 - Import/Export for Custom Reports Dialog has an unusable scroll bars 1520930 - [RFE] Newly created ec2 key pair is not downloadable 1523281 - Alert editing screen has a redundant horizontal line 1524309 - Repetitive storage volume deletion gives unexpected error 1525188 - Lenovo host status icon does not display correctly (image size) 1525237 - Tag filter missing from Physical Infrastructure Topology view 1525546 - My Orders line items should expand/collapsse when clicking anywhere on the line 1525883 - [ALL_LANG] CFME SSUI My Orders - Oder page has untranslated entries 1525922 - [ALL_LANG] User Icon - Configuration - Access Control : 'Add new group' and 'Add new role' translation issues 1525926 - [ALL_LANG] Help Icon - About : Red Hat Customer Portal needs translation 1525954 - [ja_JP] Cloud Intel - Reports - Dashboard widgets - All Widgets - Reports page title needs correction 1525973 - [ALL_LANG] Compute - Containers - Projects dashboard page has untranslated entries 1526472 - 404 Error when trying to edit VM Template Ownership 1526495 - [RFE] Requests link in Compute->Infrastructure Vertical Nav 1526553 - [ALL_LANG] CFME UI : some page titles are not localized 1527681 - [RFE][M-5] Consolidated chargeback report in global region for same tenant name across multiple subregions 1530259 - Manage policies button not yet implemented for Container Images 1530345 - Storage Volume Attached to suspended VM flash shows JSON info. 1530948 - [QEDevCollab] Delete Advanced Search Filter via REST 1530952 - [QEDevCollab] Queue Chargeback Report via REST API 1530953 - [QEDevCollab] Get Current Server Time via REST API 1531117 - EC2 items with empty Name tag have no name/id displayed 1531910 - [RFE] Add eu-west3(Paris) to default ec2 regions 1532201 - RHSM validate/save fails to save settings correctly if you click register too fast. 1532244 - Unable to get cloud_tenant value through service dialog 1533063 - [ALL_LANG] Optimize - Bottlenecks : Bottlenecks Summary page has untranslated entries 1533093 - [ALL_LANG] Compute - Containers - Container Images : image summary page has untranslated entries 1533284 - Remove 'Include C&U metrics' option for Metering Reports 1533671 - Remove 'Storage Total' field from Chargeback Preview reports 1533728 - [RFE][L-8]Ability to attach ISO in UI dropdown for VMware vSphere 1535177 - [RFE][M-5] "Out of memory worker exceeded" verbosity for end user 1535179 - [RFE][S-3] CloudForms UI log collection to have option to collect automate model & service dialogs 1535229 - [RFE] Retirements Need a Unique Service ID in Logs and Web UI 1535237 - [RFE][S-3] Log the Worker ID of the Previous Appliance/Process that Executed an Automate Task 1535345 - [RFE][S-3] Include option to take database dump from appliance_console menu 1536144 - [RFE] [Ansible Embedded] - Data in 'Updated on' column are not changing after repo refresh 1536452 - Advanced search present in Config mgmt Providers page 1536524 - [RFE][M-5] Need a way to change adv config settings on other appliances via the UI 1536625 - Filters saved in workloads are not displayed until page refresh 1536711 - Inconsistent units for disk size for Azure instances 1537493 - [QEDevCollab] Components in add new automate domain form causing test automation failures 1538058 - [RFE] RabbitMQ durable queues lead to fail of event handler for OpenStack AMQP 1538087 - [ALL_LANG] Notification Icon : untranslated entry 1538109 - [ALL_LANG] User Icon - Configuration - Settings - CFME Region: Region xx[xx] - Tags - Import Tags : text truncation issue 1538825 - [RFE] Add further checks when validating OpenStack Platform Director providers 1539370 - remove container statuses table from pod summary page 1539379 - [RFE] add API to assign alert profiles to the enterprise 1540254 - unable to access the metric_rollups subcollection 1540283 - Some of EC2 security groups record values are not displayed correctly 1540684 - [RHOS][UI] - Physical Network field visible for all types of networks 1540692 - [UI][RHOS][RFE] - Show only supported provider network types in dropdown list 1540894 - API: edit action is repeated in response of GET custom button 1542907 - Custom button dialog submission/cancellation hides seachbar and accordion bar from redirected cloud tentant page 1543289 - Started column showing the same date as in Queued column in Tasks table 1544317 - Error in evm log when clicked on Download pdf button of Template 1544344 - Storage Volume Status problem 1544854 - Setup fails for HA standby node using appliance_console_cli 1545147 - While creating SNS topic exception in log 1545296 - View selector of All Generic Objects page not working except default 1545322 - Metrics capture logs errors for NetworkPort without ems_ref on Undercloud Network provider 1545401 - [RFE][S-3] Report admin role for reporting access 1545520 - domain id flash message with JSON 1545835 - wrong generic object definition toolbar when details displayed 1546864 - Remove vim_performance_tag_values table 1547740 - [RFE] Deleting a cloud provider does not clean up associated cloud tenant and group. 1549076 - [RHV] VM reconfigure dialog: Disks table: Delete backing, Bootable yes/no buttons are split. 1549123 - Targeted refresh targets can grow unbounded causing Postgres InternalError 1549658 - [RFE] Support RestAPI Primary Collection for Container Pods 1550008 - [RFE] - CFME storage - add an option to create a new volume choosing disk type 1550493 - Advanced Search present in Ansible Tower Providers page 1550641 - Report Menus Editor: Selected node in the tree is not displayed as selected inside editor, tree should be disabled during edit 1551273 - [RHV] Smart state analysis task succeed, however the packages are not collected for the CFME VM. 1552064 - [RFE] - Button overflow at all custom button object types after multiple buttons added on screen 1553157 - Cannot delete multiple Policies 1553833 - [RFE][M-5] Dynamic sysprep provisioning parameters for rhv deployments through cloudforms 1554809 - Notification Drawer size is not responsive on SSUI 1557363 - The "Total memory (mb)" property is displaying the amount in gigabytes instead of megabytes 1557968 - Non-navigatable page available in start at login drop down 1558620 - GTL toolbar missing for Block Storage Managers 1559184 - [RFE][L-8] Ability to rename VMs from UI 1559422 - Edit and Save of Satellite Provider doesn't return to All Configuration Manager Providers page 1559957 - Cannot Remove the VMRC Console Credentials from VMware Provider 1560479 - custom css file cleared after upgrade/update 1560527 - Restricted user get 'Cannot read property 'href' of undefined' while adding credentials 1560530 - [Ansible Tower] - fix typo in flash message 1560535 - Add repository, Create service item: not available for restricted user 1560679 - Satellite provider name change is not updated in accordion 1560691 - C&U collection throws exceptions for VMs getting archived 1561160 - SUI: Incorrect 'Available' value for CD/DVD on VM Details page 1561167 - [RFE][S-3] Excluding 'Last Analysis' field from Drift Workload Section 1561180 - upstream : Unable to add openshift provider with metrics ON as metrics validation never enables. 1561609 - [RFE][S-3] Display the VMware PortGroup attached to a specific VM/instance 1561627 - OpenStack Infra with bad credential flash shows JSON 1561646 - RFE - Azure Provider - Blacklist deployments_exportTemplate events 1561698 - When logged in as non-admin user, access control role name updates are not updated in the Access Control accordion until after a manual refresh 1561937 - Targeted refresh not working for ec2 ebs snapshots 1561959 - [RFE][S-3] Add OpenSCAP Title and CVE references into CloudForms database 1562062 - Newest EC2 t2 instance types are missing in CFME 1562828 - When creating a new user with a mismatched password, incorrect "Name/Userid can't be blank" message is also displayed 1562956 - All replication operations should be queued 1563311 - After selecting filter basic search is cleared in datastores 1563316 - Control explorer policies search clear button not working correctly 1563867 - [RFE] Need safer way to control which hosts are used for running an Ansible Job Template from CloudForms. 1564199 - Wrong default value for "Run" field on Editing Widget screen 1564495 - Quota - Azure requested storage value differs from flavor image and from provisioned VM storage. 1565019 - Subnet cidr field is not marked as required when adding a new subnet 1565208 - Reporting worker logs error when generating or displaying Guest OS Information widget report 1565235 - Support Custom buttons for more object types 1565266 - RBAC-related warnings logged when viewing Satellite provider in web UI 1565620 - [RFE] [Lenovo] Improve hostname validation 1565621 - [RFE][Lenovo] Parsing disk capacity of the physical server 1565628 - [RFE][Lenovo] Change the way that network device details are displayed 1565629 - [RFE][Lenovo] Showing authentication status in Physical Provider list 1565631 - [RFE][Lenovo] Implementing change password view 1565634 - [RFE][Lenovo] Adding Rack to provider's topology 1565635 - [RFE][Lenovo] Create a Rack list and Rack page 1565636 - [RFE][Lenovo] Create a toolbar for PhysicalRack 1565637 - [RFE][Lenovo] Adding switches list page 1565640 - [RFE][Lenovo] Adding switches show page 1565642 - [RFE][Lenovo] Add physical server dashboard widgets 1565763 - [VMWare]Sysprep customization doesn't start 1565791 - [RFE] [Azure] Sysprep Windows Templates 1566615 - Unable to use special characters in HTTPS proxy field when adding/validating container provider 1568073 - Custom service attribute does not show in the ops UI 1568077 - Retirement: Remove resources switches switches back to "no" if ansible is used for retirement 1568687 - Incorrect type description for RHV credential 1568805 - [RFE] Use our own Ruby instead of relying on the one in SCL 1569437 - [RFE][PRD][XL-13] V2V: From Vmware to OpenStack 1569452 - [RFE][PRD][S-3] Google Cloud backup of Cinder 1570044 - [RFE][PRD][KubeVirt] Detect/Add CNV Provider from CloudForms 1570121 - [RFE][PRD][KubeVirt] View VM from CloudForms 1570123 - [RFE][PRD][KubeVirt] Power management of the VM in CloudForms 1570128 - [RFE][PRD][KubeVirt] Create VM from template in CFME 1570561 - [RFE][PRD] Support for Ansible 2.6 1571223 - [upstream][v2v] Manage IQ performs slowly over remote site 1571610 - [RFE][PRD] As an operator, I want to see all cabinets (chassis enclosures). 1571614 - Service 'Order' button is colored Gray (Looks inactive). 1572350 - [RFE] Allow custom session logging size when generating reports to prevent WARN statements unnecessarily 1572376 - [RFE] Support for Microsoft Azure Germany and compatibility 1572793 - Frequent "AH01574: module ssl_module is already loaded, skipping" in journal 1573566 - [RFE][Lenovo] Adding ability to parse switch details in the Lenovo Provider 1573568 - [RFE][Lenovo] Adding ability to parse expanded PCI device and embedded device details 1573570 - [RFE][Lenovo] Adding ability to parse blade chassis details 1573572 - [RFE][Lenovo] Adding ability to parse storage adapter details 1573574 - [RFE][Lenovo] Adding ability to parse storage adapter details firmware 1573575 - [RFE][Lenovo] Adding ability to parse physical rack details 1573576 - [RFE][Lenovo] Adding ability to parse physical network device vlan and port details 1573578 - [RFE][Lenovo] Add a physical rack to the topology 1573580 - [RFE][Lenovo] Adapt Network devices page to new ports relationship 1573581 - [RFE][Lenovo] Add a dashboard view for the physical infra provider 1573591 - [RFE][Lenovo] Create a REST API for configuration pattern deployment 1573594 - [RFE][Lenovo] Create a REST API to retrieve configuration pattern 1573596 - [RFE][Lenovo] Create a REST API to retrieve chassis details 1573607 - [RFE][Lenovo] Create a REST API for storage adapter details 1573614 - [RFE][Lenovo] Add ability to parse firmware compliance details 1573616 - [RFE][Lenovo] Add ability to show resource firmware compliance details 1574029 - CFME image for EC2 is not booting when using newer instance types(c5): dracut-initqueue: Warning: Could not boot. 1574403 - 404 Not Found: When dialog submitted via custom button from datastore object with method and dialog both attached 1574444 - vm.storage only returns one storage id instead of list of storage ids that are associated with VM object. 1574488 - Remote console popup is being stored in the session 1574638 - Refresh button is displayed in request page 1574808 - [RFE][PRD] As an operator, I want to see all systems 1574809 - [RFE][PRD] As an operator, I want to be able to navigate between cabinets and systems 1574810 - [RFE][PRD] As an operator, I want to see the physical resources of a system (such as CPU, RAM) 1574813 - [RFE][PRD] As an operator, I want to be able to check the current status of all systems 1574816 - [RFE][PRD] As an operator, I want to be able power on a system 1574817 - [RFE][PRD] As an operator, I want to be able to power off a system 1574818 - [RFE][PRD] As an operator, I want to be able to reboot a system 1574820 - [RFE][PRD] As an operator, I want to be able turn on system LED 1574821 - [RFE][PRD] As an operator, I want to be able to turn off a system LED 1574828 - [RFE][PRD] As an operator, I want to be able to enable event catcher service for Redfish provider 1574829 - [RFE][PRD] As an operator, I want to be able trigger automation methods based on received events 1574830 - [RFE][PRD] As an operator, I want to be able see the events on the provider's timeline 1575773 - Azure targeted refresh: VM remains in inventory after delete event received 1576457 - [RFE] Add configuratble vhost to AMQP monitor 1576561 - [RFE] Use VMware WaitForUpdates directly to save inventory 1576922 - Persistent Volumes Report outputs Capacity in hash 1576984 - [RFE] Advanced settings - ability to reset to default value, delete newly added keys 1578792 - SSA performed on RHEL VM counts duplicate services 1579031 - Fix servicetemplateprovisionrequest_denied approver_href method. 1579753 - Quick search part of the title from different view is displayed on Flavor Summary page 1579934 - xClarity: Error while execute refresh of a provider with invalid credentials 1581288 - [RFE] Service Dialogs - Calculate Quota for instance_type dialog override. 1581652 - [RFE][AZURE] List of available regions available for subscription 1582212 - [RFE][Lenovo] Adding Physical Switches support to the API 1583017 - [RFE] Display the Virtual NIC Driver information attached to a specific VM/instance 1583175 - Save button still enabled if no change while editing Chargeback Rate 1583754 - [RFE] Snapshot field for EC2 instances non-functional 1584172 - [Upstream] Unexpected error on requests page 1585218 - CVE-2018-11627 rubygem-sinatra: XSS in the 400 Bad Request page 1585569 - UI: Cockpit- Access denied error after clicking on Cloud Intel Menu 1585689 - [RFE][Lenovo] Setting different colors for physical infra components on topology view 1586176 - [RFE][XS-2] Include file splitting for dumps/backups in appliance_console menu 1586186 - [RFE][XS-2] Include table exclusions for database dumps in appliance_console menu 1586187 - [RFE][S-3] Allow database dumps/backups to be uploaded to an FTP target 1588072 - [RFE] Client-side printing/export to PDF to support angular/react components 1588189 - [RFE] Provider operations with playbooks - create run_ansible_queue method in core 1589009 - Duplicate groups listed when setting ownership for multiple vms 1589065 - Forbidden to read the project: admin, for collection type: stack 1589261 - [RFE] Provider operations with playbooks - pluggable UI for button that can be defined by provider dev and lives with the provider repo 1589265 - [RFE][v2v] V2V should differentiate whether logs are moved or not generated 1590288 - [RFE] Add EC2 M5d and C5d instance types to CFME 1590440 - [RFE][L-8] Integration with external Ansible Tower Workflows - Backend 1590441 - [RFE][L-8] Integration with external Ansible Tower Workflows - UI 1590764 - Button group is shown in self-service portal even when no buttons or rights are assigned 1590840 - [RFE] Ansible Tower - Link to playbook logging returned to service 1590844 - [RFE] Ansible Tower - Link to playbook execution data 1590975 - [RFE][L-8] Integration with external Ansible Tower Workflows - Automate 1592573 - Default dialog entries not localized when ordering catalog item in French 1592891 - [RFE] [V2V] Extend the virt-v2v-wrapper for OpenStack 1592897 - [RFE] [V2V] Set OpenStack conversion VM tags in CF for VM identification 1592898 - [RFE] Collect Cinder volume types and display it in CloudForms 1592900 - [RFE] [V2V] Add Cinder volume types to CF OpenStack provider 1593663 - cannot add rhos provider with amqp settings. credential validation fails with error "undefined method `strip' for nil:NilClass" 1593760 - [RFE] Make cards on the top of Migration page clickable 1594196 - [v2v][RFE] Ability to limit the number of concurrent migrations (throttling) 1594469 - Dialog options are missing when using a custom button and dialog on GenericObject instance 1594757 - [RFE] non-admin user can't see requests under /api/requests 1595149 - dro.destroy: not removed from service 1595583 - Number of instances shows one more than actual value in Networks>subnets 1596136 - User with Edit Tags for Catalog Items unable to Edit Tags and No Error shown 1596143 - [v2v] vm name with punycode international characters fails while migration 1596172 - [Ansible Embedded][UI] - Footer will disappear from Playbooks page after clicking on 'Download as ...' 1596266 - [RBAC] - Groups created by tenant admin are not visible to tenant admin 1597802 - Mislabeled entries for Dropdown element in Dialog Editor 1597914 - [RFE] Support Custom buttons for more object types (See description for list) 1599798 - [RFE] Provider operations with playbooks - Use ansible-runner instead of ansible-playbook 1599868 - [RFE] - ability to edit an existing migration plan 1599997 - [RFE] Update WeightedUpdateStatus to handle task cancellation and cleanup 1600678 - Flavor: Toolbar buttons do not work when viewing list of instances for a specific Flavor 1601523 - orchestration link mismatch 1601590 - Incorrect chargeback metric values displayed for recently created vsphere vm 1602136 - [RFE] Raise event in CloudForms when new external logins are auto-created for the first time 1602413 - error 403 trying to use action refresh on a provider as non-admin user with api and refresh permissions granted 1602848 - When double clicking save, breaks service dialog 1602883 - Custom Buttons - When using protected fields, variables are not decrypted when passed to playbook 1605210 - Unable to create an operational RHV provider using the REST API. 1608554 - When a role has Operate on Service Requests, shows all requests in UI but not API 1609564 - [RFE] Set flavor access to project 1609905 - Debug logging spams evm.log with deprecation warnings 1609924 - [RFE] Multi-level dependency resolving with embedded method 1610299 - [RFE] Provide ability to supply dashboards for specific group 1610768 - [RFE] Include latest version of python-ovirt-engine-sdk4 into the appliance 1610798 - [RFE] Include latest version of ovirt-ansible-roles package and it dependencies into the appliance 1612002 - Tasks in notification drawer is empty and not usable 1613848 - [v2v][RFE] Option for setting concurrent migrations 1614006 - CloudForms VMware OVA Appliance Displays Incorrect Operating System 1614369 - [RFE] Service Dialog: Disable the 'Single value' switch in Tag Control when not applicable 1614918 - [RFE] Create a tool to track requests to puma so that when users get 502 errors, the logs tell us exactly which request timed out 1615444 - The /System/Request/ansible_tower_job instance still calls the deprecated /ConfigurationManagement/AnsibleTower/Operations/StateMachines/Job/default method 1615488 - [RFE] Support OpenStack Swift for CFME Backups 1616201 - Report view limit not working 1618743 - Misleading wording in UI for editing domain(s) 1618813 - [v2v] Text should be wrapped in popover properly 1618844 - [v2v] Red Cross Symbol in front of Plan Name for Plan that is not even started 1619298 - GCE instances not created preemptible 1619678 - cloud network nor key pairs are eligible for MIQ Expression 1619744 - Provisioning a VM on GCE produces errorneous requests 1620161 - issuing vm_reconfigure disk_remove via rest-api FAILS (WORKAROUND AVAILABLE) 1620228 - [RFE] [v2v] - Add CloudVolumeType to API 1620287 - Service Dialog Create - TextArea Entry Point not displaying correct text 1621888 - Cannot add Ansible Tower through API if using self signed cert 1623072 - [RFE] Apply right-size recommendations during migration 1623094 - [RFE] EC2 T3 instance types are missing in CFME 1623862 - GCE provider doesn't respect the http_proxy configuration to connect to the remote 1625320 - raise_retirement_event log message should include the requester information 1626005 - Appliance won't start with database connection failure at seeding 1627284 - Disk Size Filter for Report Only Allows Bytes as Size of Disk 1628726 - [RFE] - Containers Overview page Status cards do not load without provider 1629900 - [RFE][Lenovo] Add Storage unit detail with storage canister information 1629903 - [RFE][Lenovo] Add overview page for all physical infrastructure providers 1629905 - xClarity: LXCA events cause large increases in log/db size due to event collection 1630801 - [RFE] Include latest Version of Python libraries: Bambou & vspk 1632355 - [RFE] Add support for VMware to OpenStack migration 1632844 - [NoMethodError]: undefined method `create_snapshot' for VM in Global Region 1633526 - Virt-v2v is killed with SIGKILL instead of SIGTERM 1634029 - Move Automate code for conversion hosts to backend 1634673 - [RFE] Access reports based on roles 1635026 - [RFE] cloud_ds_check.sh should include --max-time for curl, or TimeoutSec= in cloud-ds-check.service 1636182 - [RFE] Add EC2 f1.4xlarge flavor to CFME 1636547 - [RFE] Move appliance from apache module mod_auth_kerb to mod_auth_gssapi 1637609 - Link in the alert for infrastructure provider leads to Containers Providers page with an error 1638502 - Retirement Requester not populated after retirement 1638508 - [RFE] Delete a Migration Plan 1638527 - [RFE] Two Small Usability Enhancements to the Plan Details Page 1638853 - [RFE] Edit an Infrastructure Mapping 1640275 - [RFE] Remove Infrastructure Mappings from Overview Page 1640279 - [RFE] A stray "0" character appears after the associated mapping name on a plan with no schedule 1640362 - [RFE] Schedule button is disabled despite date/time picker showing valid selection 1640594 - [RFE] Use migration plan status cards as selection controls 1640718 - [RFE] Azure log is hard to read, no new lines, no logging level 1640779 - [RFE] User wants to change the scheduled time of a migration plan 1642175 - [RFE] Add sorting, filtering and pagination to Migration Plan list views 1642464 - [RFE] Auto select displayed migration plans 1642495 - [RFE] [Schedule Migration] Console error when editing a schedule that is less than 2 minutes in the future 1643148 - All SCAP rules not applied after upgrading to RHEL 7.6 1643290 - [RFE] [Code Cleanup] Deduplicate filter/sort/pagination elements into ListViewToolbar renderers 1643610 - [RFE] Link directly from the Overview page to the Infrastructure Mappings page 1644310 - Cannot add volume when navigated from ec2 block storage provider relationships 1644351 - Quota for vm_reconfigure disk_remove fails sometimes 1644802 - [RFE] Migration Plan list views no longer allow vertical scrolling 1645168 - [RFE] [Edit Migration Plan] Allow changing the associated infrastructure mapping 1645629 - [RFE] Add warning if Mapping changes when editing a plan 1645714 - [RFE] [Code Cleanup] Incorporate filtering/sorting/pagination abstraction with PlanRequestDetailList 1646657 - [RFE] filterFieldTypeMenu button should have unique `Name` 1646905 - Quote not allowed in button name 1647013 - Password field is locked and blank in log depot settings after changing log depot type 1647234 - [RFE] [Code Cleanup] Incorporate filtering/sorting/pagination abstraction with PlanVmsList 1649799 - Setting the memory threshold for the Refresh worker in the WebUI configures the wrong value in the configuration yaml 1649806 - Validation for GCE Provider Returns No Success/Failure in ManageIQ Hammer 1-rc1 1651241 - Emails not validated on Schedules and Alerts add/edit form 1653169 - Update UI tooltip for Infrastructure Mapping warning icon 1653709 - A user with the role operator can't view datastores through Provider page 1653796 - widget description in the page title 1654385 - [RFE] Add warning to mapping wizard when no OSP conversion hosts are present 1654828 - [RFE] Remove unreliable links to product documentation 1655012 - Custom roles are not updating with required changes in product feature tree 1655163 - [v2v][RFE] Editing an OSP mapping with public networks causes errors in Networks step of mapping wizard 1655174 - [v2v][RFE] Rename the "Overview" page to "Migration Plans" 1656961 - [RFE] Settings: enforce a minimum of 1 migration per conversion host 1663031 - Empty image appears next to fired alert on Monitor->Alerts->All Alerts page

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-0212.html

CWE : Common Weakness Enumeration

%idName
100 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application86

Nessus® Vulnerability Scanner

DateDescription
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-3f61c5cf7c.nasl - Type : ACT_GATHER_INFO
2018-08-02Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ca05d9daac1d41138a05ffe9cd0d6160.nasl - Type : ACT_GATHER_INFO
2018-06-25Name : The remote Fedora host is missing a security update.
File : fedora_2018-0b17e1e529.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-02-09 13:18:39
  • First insertion