Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Title: CloudForms 4.7 security, bug fix and enhancement update
Name: RHSA-2019:0212
First vendor Publication: 2019-02-07
Vendor: RedHat
Last vendor Modification: 2019-02-07
Severity (Vendor): N/A
Revision: 01

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required


Problem Description:

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.10 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:


If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1082155 - [RFE][S-3] Common settings for appliances in the same zone should be inherited from the region
1090627 - [RFE][L-8] Copy EVM-Super_administrator role does not actually copy all permissions
1090957 - [RFE][M-5] LifeCycle/Migrate VM does not support VMware Folder relocation
1164306 - [RFE][M-5] need script to export custom buttons
1212947 - [RFE] Openstack discovery UnderCloud Only
1314871 - [RFE][M-5] Single E-mail Variables Location
1318353 - [RFE][M-5] create custom operational alerts in cloudforms for failed/invalid logins
1326992 - [RFE][XS-2] Increase Retirement Granularity to Day and Time
1339398 - [RFE][M-5] change the AWS endpoint URL
1344589 - [RFE][S-3] Export / Import Analysis Profiles for use with Control and Compliance Profiles
1353037 - [RFE][S-3] Allow CloudForms to use only attribute "groupMembership" for LDAP
1390456 - CloudForms displays incorrect floating IP quota for OpenStack tenants
1391095 - [RFE][L-8] Replication does not support HA
1392342 - [Beta 2] In OpenStack Provider Properties, when using Provider Region, there are 2 field called Region
1394217 - [ALL LANG] Cloud Intel - Reports - Schedules 'Add a new Schedule' has untranslated entry
1394263 - UI: No gap in Drop-Down's while creating Condition
1399378 - Infrastructure provisioning template selection screen includes "Hide deprecated" checkbox and "Deprecated" column which only apply to cloud provisioning
1417215 - inappropriate value type in json communication to openstack liberty during provisioning
1418080 - After failing back over to a reintroduced node $APPLIANCE_PG_SERVICE shows as failed and appliance_console info shows Local Database Server: initialized and stopped
1426390 - Automate Simulation copy to Button doesn't work
1428003 - Issue with Image/template Select during provision
1428536 - VM Chargeback Preview Report needs better formatting
1428584 - Remove search box on Switch summary page
1428797 - some of events appear in timelines w/o "source vm"
1434762 - [RFE][M-5]Changes in evm.log & audit.log
1434918 - Orphaned Rows in vim_performance_states not being purged
1435780 - invalid values supplied when creating new policies using /api/policies doesn't result in error
1441326 - [RFE] Remove empty C&U memory graph for EC2 Availability zones for hourly interval
1441353 - Automate State machine not honoring MIQ_STOP properly
1442702 - UI: After "Edit Tags" for Network Ports navigating to Networks Provider page.
1444520 - Slow Redirection when adding cloud keypair
1445932 - [RFE] Automating the generation of widget content
1448683 - Missing flash message / any notification to user deleting cloud tenant
1450008 - SmartState Analysis on Virtual Machine throwing error in evm.log
1451300 - [Ansible Embedded][Services][Multi-Tenancy] - Multiple catalogs with the same name in the dropdown menu
1460263 - shutdown_and_exit messages get marked as error and never removed from miq_queue table
1460992 - Selected switch not highlighted on Accordion
1463555 - rhsm subscription broken if 'register to' is set to sat6
1468252 - Incorrect error message when trying to login to appliance with 'web services' role disabled
1468339 - [RFE][L-8] Integration with external Ansible Tower Workflows
1468795 - [RFE] tenant_administrator role can modify quotas of his own Tenant
1469151 - erroneous behavior of spinner and spinner box in advanced search loading
1469372 - [Text] [VM Provision] - 'Virtual Machine %{subject} has been provisioned.'
1470754 - No check before deletion of router which can't be deleted
1471948 - heat client doesn't populate correctly the "files" parameter
1472279 - [RFE] expand the api to provide more information related to infrastructure providers
1474511 - CPU / Memory and CPU usage / Memory Usage use inconsistent data
1475303 - Text Injection possible
1475891 - [Authentication] Rename Get Roles from Home Forest
1476327 - provider type not checked when creating authentications, fails with undefined method `id' for nil:NilClass
1478889 - [genealogy] CFME not detecting parent VM with Azure provider
1481840 - Services Requests not showing all requests from 30 days
1482905 - Unable to add Long Description for Playbook based Catalog Items
1486362 - [RFE] Add API call for container scanning via SmartState
1486658 - Default Container Image Rate can be deleted
1486695 - Multiple notifications when embedded ansible role fails to start
1487142 - [RFE] Add a OpenStack Provider Dashboard in Cloud (overcloud)
1487234 - Volume Deletion Button Method Not Define
1488579 - [upstream] : dynamic dropdown list can be created without providing entry point in new dialog editor
1490979 - [RFE] With CF generated keypairs for OSP, you are unable to download the Private key
1491387 - HTML5 Remote Console: CTRL+ALT+DEL button Error: "ReferenceError: sc is not defined"
1491772 - Ansible Tower: Service can be created/ordered without selecting Tower provider from dropdown list
1493788 - it's possible to add multiple shopping carts for the authenticated user
1494359 - [UPSTREAM] Unexpected error while deleting network router of cloud tenant
1494589 - reports of the count of vms by cloud tenant are off (openstack)
1495265 - [RFE] HOST_FAILURE events should be exposed in Control/Alerts
1495630 - [ALL_LANG] pagination label x-xx of xx is not localized
1495829 - UI: Same icon used for multiple options on Cloud Tenants page
1496838 - [PRD][RFE][Alerts] Add CloudForms Alerts for OpenShift Provider based on Hourly Timer
1497061 - [RFE][XS-2] Tagging cloud network, subnets, flavors, availability_zones, routers and security_group using ReST APIs
1498951 - [RFE][XS-2] Add Indian currency in cloudforms chargeback reports
1499161 - If a container image SmartState Analysis fails, the image is still marked as compliant
1500613 - [RFE][L-8] Add new region in drop down list as 'China' in Amazon EC2 Cloud provider
1501031 - ui: Request text box should be empty when changed Button type "ansible_playbook" to default
1501052 - Inconsistency between message when creating vs. deleting in dashboard widgets of Report
1501098 - Service UI not taking 'user default' language
1501114 - Custom Button icon is not disabled when button is disabled
1501147 - 'Web Console' taking incorrect IP address
1501996 - NOR doesn't use 30 days' worth of metrics
1502778 - [RFE] Add Redux for State Management
1502857 - Status inconsistency in Topology View for OpenStack provider
1503660 - UI: Proper task name should be there when initiate Provider refresh.
1504209 - Create and Restore from Backup missing from list of Cloud Volumes
1505159 - AMQP flash message not showing properly [RHOS]
1506634 - Group: 'All changes have been reset' duplication for page with tag expression
1506685 - Group: Tag fields should be empty after selecting condition
1506987 - Incorrect display of "Cloud Resource Quotas: Used"
1507667 - [RFE][M-5] Ability to add and remove AWS volumes for an instance
1507812 - [RFE] Expose the Pause/Resume Provider via API
1507916 - OpenStack services on Host page were broken by UI refactoring
1508490 - [RFE][M-5] Unable to show Automate Requests without Exposing Other Automate Tabs
1509244 - Save and Reset button disable on Volume restore form Backup Detail page
1511126 - [PRD][RFE][M-5] Ansible Next Gen - Ansible Reporting
1511171 - [RFE][XL-13] External Tower Provider - Selectively enhance with items recently added with Ansible Inside Enhancements
1511214 - EmsRefresh.update_relats_by_ids error for 'base_class' for deleted VM
1511376 - [RFE] Delete Datastores via ReST API
1512399 - Dropdown element UI issues .
1512443 - The name on the accordion doesn't match with name of title of configuration page
1512480 - Their is an extra page on start page options on setting page.
1513086 - Openstack instances have no cores but have multiple sockets
1513520 - [RFE][M-5] Support AWS S3 for CFME Backups
1513616 - Cloning repositories in Embedded Ansible within CFME without trusted SSL certificates leads to silent failure of project
1516836 - Edit page of custom button group's title ends with "MiqTemplate|"
1516895 - Inconstancy between addition vs. deletion messages of Analysis Profiles and Schedules
1518304 - Events endpoint is not shown for Network Provider
1518630 - When adding or updating an OpenStack Volume Name, Provider or target refresh is not executed
1518867 - When no image uploaded for Catalog Item, a 'T' is displayed in UI
1518926 - Inconsistent capitalization for Retirement State field
1519341 - Import/Export for Custom Reports Dialog has an unusable scroll bars
1520930 - [RFE] Newly created ec2 key pair is not downloadable
1523281 - Alert editing screen has a redundant horizontal line
1524309 - Repetitive storage volume deletion gives unexpected error
1525188 - Lenovo host status icon does not display correctly (image size)
1525237 - Tag filter missing from Physical Infrastructure Topology view
1525546 - My Orders line items should expand/collapsse when clicking anywhere on the line
1525883 - [ALL_LANG] CFME SSUI My Orders - Oder page has untranslated entries
1525922 - [ALL_LANG] User Icon - Configuration - Access Control : 'Add new group' and 'Add new role' translation issues
1525926 - [ALL_LANG] Help Icon - About : Red Hat Customer Portal needs translation
1525954 - [ja_JP] Cloud Intel - Reports - Dashboard widgets - All Widgets - Reports page title needs correction
1525973 - [ALL_LANG] Compute - Containers - Projects dashboard page has untranslated entries
1526472 - 404 Error when trying to edit VM Template Ownership
1526495 - [RFE] Requests link in Compute->Infrastructure Vertical Nav
1526553 - [ALL_LANG] CFME UI : some page titles are not localized
1527681 - [RFE][M-5] Consolidated chargeback report in global region for same tenant name across multiple subregions
1530259 - Manage policies button not yet implemented for Container Images
1530345 - Storage Volume Attached to suspended VM flash shows JSON info.
1530948 - [QEDevCollab] Delete Advanced Search Filter via REST
1530952 - [QEDevCollab] Queue Chargeback Report via REST API
1530953 - [QEDevCollab] Get Current Server Time via REST API
1531117 - EC2 items with empty Name tag have no name/id displayed
1531910 - [RFE] Add eu-west3(Paris) to default ec2 regions
1532201 - RHSM validate/save fails to save settings correctly if you click register too fast.
1532244 - Unable to get cloud_tenant value through service dialog
1533063 - [ALL_LANG] Optimize - Bottlenecks : Bottlenecks Summary page has untranslated entries
1533093 - [ALL_LANG] Compute - Containers - Container Images : image summary page has untranslated entries
1533284 - Remove 'Include C&U metrics' option for Metering Reports
1533671 - Remove 'Storage Total' field from Chargeback Preview reports
1533728 - [RFE][L-8]Ability to attach ISO in UI dropdown for VMware vSphere
1535177 - [RFE][M-5] "Out of memory worker exceeded" verbosity for end user
1535179 - [RFE][S-3] CloudForms UI log collection to have option to collect automate model & service dialogs
1535229 - [RFE] Retirements Need a Unique Service ID in Logs and Web UI
1535237 - [RFE][S-3] Log the Worker ID of the Previous Appliance/Process that Executed an Automate Task
1535345 - [RFE][S-3] Include option to take database dump from appliance_console menu
1536144 - [RFE] [Ansible Embedded] - Data in 'Updated on' column are not changing after repo refresh
1536452 - Advanced search present in Config mgmt Providers page
1536524 - [RFE][M-5] Need a way to change adv config settings on other appliances via the UI
1536625 - Filters saved in workloads are not displayed until page refresh
1536711 - Inconsistent units for disk size for Azure instances
1537493 - [QEDevCollab] Components in add new automate domain form causing test automation failures
1538058 - [RFE] RabbitMQ durable queues lead to fail of event handler for OpenStack AMQP
1538087 - [ALL_LANG] Notification Icon : untranslated entry
1538109 - [ALL_LANG] User Icon - Configuration - Settings - CFME Region: Region xx[xx] - Tags - Import Tags : text truncation issue
1538825 - [RFE] Add further checks when validating OpenStack Platform Director providers
1539370 - remove container statuses table from pod summary page
1539379 - [RFE] add API to assign alert profiles to the enterprise
1540254 - unable to access the metric_rollups subcollection
1540283 - Some of EC2 security groups record values are not displayed correctly
1540684 - [RHOS][UI] - Physical Network field visible for all types of networks
1540692 - [UI][RHOS][RFE] - Show only supported provider network types in dropdown list
1540894 - API: edit action is repeated in response of GET custom button
1542907 - Custom button dialog submission/cancellation hides seachbar and accordion bar from redirected cloud tentant page
1543289 - Started column showing the same date as in Queued column in Tasks table
1544317 - Error in evm log when clicked on Download pdf button of Template
1544344 - Storage Volume Status problem
1544854 - Setup fails for HA standby node using appliance_console_cli
1545147 - While creating SNS topic exception in log
1545296 - View selector of All Generic Objects page not working except default
1545322 - Metrics capture logs errors for NetworkPort without ems_ref on Undercloud Network provider
1545401 - [RFE][S-3] Report admin role for reporting access
1545520 - domain id flash message with JSON
1545835 - wrong generic object definition toolbar when details displayed
1546864 - Remove vim_performance_tag_values table
1547740 - [RFE] Deleting a cloud provider does not clean up associated cloud tenant and group.
1549076 - [RHV] VM reconfigure dialog: Disks table: Delete backing, Bootable yes/no buttons are split.
1549123 - Targeted refresh targets can grow unbounded causing Postgres InternalError
1549658 - [RFE] Support RestAPI Primary Collection for Container Pods
1550008 - [RFE] - CFME storage - add an option to create a new volume choosing disk type
1550493 - Advanced Search present in Ansible Tower Providers page
1550641 - Report Menus Editor: Selected node in the tree is not displayed as selected inside editor, tree should be disabled during edit
1551273 - [RHV] Smart state analysis task succeed, however the packages are not collected for the CFME VM.
1552064 - [RFE] - Button overflow at all custom button object types after multiple buttons added on screen
1553157 - Cannot delete multiple Policies
1553833 - [RFE][M-5] Dynamic sysprep provisioning parameters for rhv deployments through cloudforms
1554809 - Notification Drawer size is not responsive on SSUI
1557363 - The "Total memory (mb)" property is displaying the amount in gigabytes instead of megabytes
1557968 - Non-navigatable page available in start at login drop down
1558620 - GTL toolbar missing for Block Storage Managers
1559184 - [RFE][L-8] Ability to rename VMs from UI
1559422 - Edit and Save of Satellite Provider doesn't return to All Configuration Manager Providers page
1559957 - Cannot Remove the VMRC Console Credentials from VMware Provider
1560479 - custom css file cleared after upgrade/update
1560527 - Restricted user get 'Cannot read property 'href' of undefined' while adding credentials
1560530 - [Ansible Tower] - fix typo in flash message
1560535 - Add repository, Create service item: not available for restricted user
1560679 - Satellite provider name change is not updated in accordion
1560691 - C&U collection throws exceptions for VMs getting archived
1561160 - SUI: Incorrect 'Available' value for CD/DVD on VM Details page
1561167 - [RFE][S-3] Excluding 'Last Analysis' field from Drift Workload Section
1561180 - upstream : Unable to add openshift provider with metrics ON as metrics validation never enables.
1561609 - [RFE][S-3] Display the VMware PortGroup attached to a specific VM/instance
1561627 - OpenStack Infra with bad credential flash shows JSON
1561646 - RFE - Azure Provider - Blacklist deployments_exportTemplate events
1561698 - When logged in as non-admin user, access control role name updates are not updated in the Access Control accordion until after a manual refresh
1561937 - Targeted refresh not working for ec2 ebs snapshots
1561959 - [RFE][S-3] Add OpenSCAP Title and CVE references into CloudForms database
1562062 - Newest EC2 t2 instance types are missing in CFME
1562828 - When creating a new user with a mismatched password, incorrect "Name/Userid can't be blank" message is also displayed
1562956 - All replication operations should be queued
1563311 - After selecting filter basic search is cleared in datastores
1563316 - Control explorer policies search clear button not working correctly
1563867 - [RFE] Need safer way to control which hosts are used for running an Ansible Job Template from CloudForms.
1564199 - Wrong default value for "Run" field on Editing Widget screen
1564495 - Quota - Azure requested storage value differs from flavor image and from provisioned VM storage.
1565019 - Subnet cidr field is not marked as required when adding a new subnet
1565208 - Reporting worker logs error when generating or displaying Guest OS Information widget report
1565235 - Support Custom buttons for more object types
1565266 - RBAC-related warnings logged when viewing Satellite provider in web UI
1565620 - [RFE] [Lenovo] Improve hostname validation
1565621 - [RFE][Lenovo] Parsing disk capacity of the physical server
1565628 - [RFE][Lenovo] Change the way that network device details are displayed
1565629 - [RFE][Lenovo] Showing authentication status in Physical Provider list
1565631 - [RFE][Lenovo] Implementing change password view
1565634 - [RFE][Lenovo] Adding Rack to provider's topology
1565635 - [RFE][Lenovo] Create a Rack list and Rack page
1565636 - [RFE][Lenovo] Create a toolbar for PhysicalRack
1565637 - [RFE][Lenovo] Adding switches list page
1565640 - [RFE][Lenovo] Adding switches show page
1565642 - [RFE][Lenovo] Add physical server dashboard widgets
1565763 - [VMWare]Sysprep customization doesn't start
1565791 - [RFE] [Azure] Sysprep Windows Templates
1566615 - Unable to use special characters in HTTPS proxy field when adding/validating container provider
1568073 - Custom service attribute does not show in the ops UI
1568077 - Retirement: Remove resources switches switches back to "no" if ansible is used for retirement
1568687 - Incorrect type description for RHV credential
1568805 - [RFE] Use our own Ruby instead of relying on the one in SCL
1569437 - [RFE][PRD][XL-13] V2V: From Vmware to OpenStack
1569452 - [RFE][PRD][S-3] Google Cloud backup of Cinder
1570044 - [RFE][PRD][KubeVirt] Detect/Add CNV Provider from CloudForms
1570121 - [RFE][PRD][KubeVirt] View VM from CloudForms
1570123 - [RFE][PRD][KubeVirt] Power management of the VM in CloudForms
1570128 - [RFE][PRD][KubeVirt] Create VM from template in CFME
1570561 - [RFE][PRD] Support for Ansible 2.6
1571223 - [upstream][v2v] Manage IQ performs slowly over remote site
1571610 - [RFE][PRD] As an operator, I want to see all cabinets (chassis enclosures).
1571614 - Service 'Order' button is colored Gray (Looks inactive).
1572350 - [RFE] Allow custom session logging size when generating reports to prevent WARN statements unnecessarily
1572376 - [RFE] Support for Microsoft Azure Germany and compatibility
1572793 - Frequent "AH01574: module ssl_module is already loaded, skipping" in journal
1573566 - [RFE][Lenovo] Adding ability to parse switch details in the Lenovo Provider
1573568 - [RFE][Lenovo] Adding ability to parse expanded PCI device and embedded device details
1573570 - [RFE][Lenovo] Adding ability to parse blade chassis details
1573572 - [RFE][Lenovo] Adding ability to parse storage adapter details
1573574 - [RFE][Lenovo] Adding ability to parse storage adapter details firmware
1573575 - [RFE][Lenovo] Adding ability to parse physical rack details
1573576 - [RFE][Lenovo] Adding ability to parse physical network device vlan and port details
1573578 - [RFE][Lenovo] Add a physical rack to the topology
1573580 - [RFE][Lenovo] Adapt Network devices page to new ports relationship
1573581 - [RFE][Lenovo] Add a dashboard view for the physical infra provider
1573591 - [RFE][Lenovo] Create a REST API for configuration pattern deployment
1573594 - [RFE][Lenovo] Create a REST API to retrieve configuration pattern
1573596 - [RFE][Lenovo] Create a REST API to retrieve chassis details
1573607 - [RFE][Lenovo] Create a REST API for storage adapter details
1573614 - [RFE][Lenovo] Add ability to parse firmware compliance details
1573616 - [RFE][Lenovo] Add ability to show resource firmware compliance details
1574029 - CFME image for EC2 is not booting when using newer instance types(c5): dracut-initqueue: Warning: Could not boot.
1574403 - 404 Not Found: When dialog submitted via custom button from datastore object with method and dialog both attached
1574444 - vm.storage only returns one storage id instead of list of storage ids that are associated with VM object.
1574488 - Remote console popup is being stored in the session
1574638 - Refresh button is displayed in request page
1574808 - [RFE][PRD] As an operator, I want to see all systems
1574809 - [RFE][PRD] As an operator, I want to be able to navigate between cabinets and systems
1574810 - [RFE][PRD] As an operator, I want to see the physical resources of a system (such as CPU, RAM)
1574813 - [RFE][PRD] As an operator, I want to be able to check the current status of all systems
1574816 - [RFE][PRD] As an operator, I want to be able power on a system
1574817 - [RFE][PRD] As an operator, I want to be able to power off a system
1574818 - [RFE][PRD] As an operator, I want to be able to reboot a system
1574820 - [RFE][PRD] As an operator, I want to be able turn on system LED
1574821 - [RFE][PRD] As an operator, I want to be able to turn off a system LED
1574828 - [RFE][PRD] As an operator, I want to be able to enable event catcher service for Redfish provider
1574829 - [RFE][PRD] As an operator, I want to be able trigger automation methods based on received events
1574830 - [RFE][PRD] As an operator, I want to be able see the events on the provider's timeline
1575773 - Azure targeted refresh: VM remains in inventory after delete event received
1576457 - [RFE] Add configuratble vhost to AMQP monitor
1576561 - [RFE] Use VMware WaitForUpdates directly to save inventory
1576922 - Persistent Volumes Report outputs Capacity in hash
1576984 - [RFE] Advanced settings - ability to reset to default value, delete newly added keys
1578792 - SSA performed on RHEL VM counts duplicate services
1579031 - Fix servicetemplateprovisionrequest_denied approver_href method.
1579753 - Quick search part of the title from different view is displayed on Flavor Summary page
1579934 - xClarity: Error while execute refresh of a provider with invalid credentials
1581288 - [RFE] Service Dialogs - Calculate Quota for instance_type dialog override.
1581652 - [RFE][AZURE] List of available regions available for subscription
1582212 - [RFE][Lenovo] Adding Physical Switches support to the API
1583017 - [RFE] Display the Virtual NIC Driver information attached to a specific VM/instance
1583175 - Save button still enabled if no change while editing Chargeback Rate
1583754 - [RFE] Snapshot field for EC2 instances non-functional
1584172 - [Upstream] Unexpected error on requests page
1585218 - CVE-2018-11627 rubygem-sinatra: XSS in the 400 Bad Request page
1585569 - UI: Cockpit- Access denied error after clicking on Cloud Intel Menu
1585689 - [RFE][Lenovo] Setting different colors for physical infra components on topology view
1586176 - [RFE][XS-2] Include file splitting for dumps/backups in appliance_console menu
1586186 - [RFE][XS-2] Include table exclusions for database dumps in appliance_console menu
1586187 - [RFE][S-3] Allow database dumps/backups to be uploaded to an FTP target
1588072 - [RFE] Client-side printing/export to PDF to support angular/react components
1588189 - [RFE] Provider operations with playbooks - create run_ansible_queue method in core
1589009 - Duplicate groups listed when setting ownership for multiple vms
1589065 - Forbidden to read the project: admin, for collection type: stack
1589261 - [RFE] Provider operations with playbooks - pluggable UI for button that can be defined by provider dev and lives with the provider repo
1589265 - [RFE][v2v] V2V should differentiate whether logs are moved or not generated
1590288 - [RFE] Add EC2 M5d and C5d instance types to CFME
1590440 - [RFE][L-8] Integration with external Ansible Tower Workflows - Backend
1590441 - [RFE][L-8] Integration with external Ansible Tower Workflows - UI
1590764 - Button group is shown in self-service portal even when no buttons or rights are assigned
1590840 - [RFE] Ansible Tower - Link to playbook logging returned to service
1590844 - [RFE] Ansible Tower - Link to playbook execution data
1590975 - [RFE][L-8] Integration with external Ansible Tower Workflows - Automate
1592573 - Default dialog entries not localized when ordering catalog item in French
1592891 - [RFE] [V2V] Extend the virt-v2v-wrapper for OpenStack
1592897 - [RFE] [V2V] Set OpenStack conversion VM tags in CF for VM identification
1592898 - [RFE] Collect Cinder volume types and display it in CloudForms
1592900 - [RFE] [V2V] Add Cinder volume types to CF OpenStack provider
1593663 - cannot add rhos provider with amqp settings. credential validation fails with error "undefined method `strip' for nil:NilClass"
1593760 - [RFE] Make cards on the top of Migration page clickable
1594196 - [v2v][RFE] Ability to limit the number of concurrent migrations (throttling)
1594469 - Dialog options are missing when using a custom button and dialog on GenericObject instance
1594757 - [RFE] non-admin user can't see requests under /api/requests
1595149 - dro.destroy: not removed from service
1595583 - Number of instances shows one more than actual value in Networks>subnets
1596136 - User with Edit Tags for Catalog Items unable to Edit Tags and No Error shown
1596143 - [v2v] vm name with punycode international characters fails while migration
1596172 - [Ansible Embedded][UI] - Footer will disappear from Playbooks page after clicking on 'Download as ...'
1596266 - [RBAC] - Groups created by tenant admin are not visible to tenant admin
1597802 - Mislabeled entries for Dropdown element in Dialog Editor
1597914 - [RFE] Support Custom buttons for more object types (See description for list)
1599798 - [RFE] Provider operations with playbooks - Use ansible-runner instead of ansible-playbook
1599868 - [RFE] - ability to edit an existing migration plan
1599997 - [RFE] Update WeightedUpdateStatus to handle task cancellation and cleanup
1600678 - Flavor: Toolbar buttons do not work when viewing list of instances for a specific Flavor
1601523 - orchestration link mismatch
1601590 - Incorrect chargeback metric values displayed for recently created vsphere vm
1602136 - [RFE] Raise event in CloudForms when new external logins are auto-created for the first time
1602413 - error 403 trying to use action refresh on a provider as non-admin user with api and refresh permissions granted
1602848 - When double clicking save, breaks service dialog
1602883 - Custom Buttons - When using protected fields, variables are not decrypted when passed to playbook
1605210 - Unable to create an operational RHV provider using the REST API.
1608554 - When a role has Operate on Service Requests, shows all requests in UI but not API
1609564 - [RFE] Set flavor access to project
1609905 - Debug logging spams evm.log with deprecation warnings
1609924 - [RFE] Multi-level dependency resolving with embedded method
1610299 - [RFE] Provide ability to supply dashboards for specific group
1610768 - [RFE] Include latest version of python-ovirt-engine-sdk4 into the appliance
1610798 - [RFE] Include latest version of ovirt-ansible-roles package and it dependencies into the appliance
1612002 - Tasks in notification drawer is empty and not usable
1613848 - [v2v][RFE] Option for setting concurrent migrations
1614006 - CloudForms VMware OVA Appliance Displays Incorrect Operating System
1614369 - [RFE] Service Dialog: Disable the 'Single value' switch in Tag Control when not applicable
1614918 - [RFE] Create a tool to track requests to puma so that when users get 502 errors, the logs tell us exactly which request timed out
1615444 - The /System/Request/ansible_tower_job instance still calls the deprecated /ConfigurationManagement/AnsibleTower/Operations/StateMachines/Job/default method
1615488 - [RFE] Support OpenStack Swift for CFME Backups
1616201 - Report view limit not working
1618743 - Misleading wording in UI for editing domain(s)
1618813 - [v2v] Text should be wrapped in popover properly
1618844 - [v2v] Red Cross Symbol in front of Plan Name for Plan that is not even started
1619298 - GCE instances not created preemptible
1619678 - cloud network nor key pairs are eligible for MIQ Expression
1619744 - Provisioning a VM on GCE produces errorneous requests
1620161 - issuing vm_reconfigure disk_remove via rest-api FAILS (WORKAROUND AVAILABLE)
1620228 - [RFE] [v2v] - Add CloudVolumeType to API
1620287 - Service Dialog Create - TextArea Entry Point not displaying correct text
1621888 - Cannot add Ansible Tower through API if using self signed cert
1623072 - [RFE] Apply right-size recommendations during migration
1623094 - [RFE] EC2 T3 instance types are missing in CFME
1623862 - GCE provider doesn't respect the http_proxy configuration to connect to the remote
1625320 - raise_retirement_event log message should include the requester information
1626005 - Appliance won't start with database connection failure at seeding
1627284 - Disk Size Filter for Report Only Allows Bytes as Size of Disk
1628726 - [RFE] - Containers Overview page Status cards do not load without provider
1629900 - [RFE][Lenovo] Add Storage unit detail with storage canister information
1629903 - [RFE][Lenovo] Add overview page for all physical infrastructure providers
1629905 - xClarity: LXCA events cause large increases in log/db size due to event collection
1630801 - [RFE] Include latest Version of Python libraries: Bambou & vspk
1632355 - [RFE] Add support for VMware to OpenStack migration
1632844 - [NoMethodError]: undefined method `create_snapshot' for VM in Global Region
1633526 - Virt-v2v is killed with SIGKILL instead of SIGTERM
1634029 - Move Automate code for conversion hosts to backend
1634673 - [RFE] Access reports based on roles
1635026 - [RFE] cloud_ds_check.sh should include --max-time for curl, or TimeoutSec= in cloud-ds-check.service
1636182 - [RFE] Add EC2 f1.4xlarge flavor to CFME
1636547 - [RFE] Move appliance from apache module mod_auth_kerb to mod_auth_gssapi
1637609 - Link in the alert for infrastructure provider leads to Containers Providers page with an error
1638502 - Retirement Requester not populated after retirement
1638508 - [RFE] Delete a Migration Plan
1638527 - [RFE] Two Small Usability Enhancements to the Plan Details Page
1638853 - [RFE] Edit an Infrastructure Mapping
1640275 - [RFE] Remove Infrastructure Mappings from Overview Page
1640279 - [RFE] A stray "0" character appears after the associated mapping name on a plan with no schedule
1640362 - [RFE] Schedule button is disabled despite date/time picker showing valid selection
1640594 - [RFE] Use migration plan status cards as selection controls
1640718 - [RFE] Azure log is hard to read, no new lines, no logging level
1640779 - [RFE] User wants to change the scheduled time of a migration plan
1642175 - [RFE] Add sorting, filtering and pagination to Migration Plan list views
1642464 - [RFE] Auto select displayed migration plans
1642495 - [RFE] [Schedule Migration] Console error when editing a schedule that is less than 2 minutes in the future
1643148 - All SCAP rules not applied after upgrading to RHEL 7.6
1643290 - [RFE] [Code Cleanup] Deduplicate filter/sort/pagination elements into ListViewToolbar renderers
1643610 - [RFE] Link directly from the Overview page to the Infrastructure Mappings page
1644310 - Cannot add volume when navigated from ec2 block storage provider relationships
1644351 - Quota for vm_reconfigure disk_remove fails sometimes
1644802 - [RFE] Migration Plan list views no longer allow vertical scrolling
1645168 - [RFE] [Edit Migration Plan] Allow changing the associated infrastructure mapping
1645629 - [RFE] Add warning if Mapping changes when editing a plan
1645714 - [RFE] [Code Cleanup] Incorporate filtering/sorting/pagination abstraction with PlanRequestDetailList
1646657 - [RFE] filterFieldTypeMenu button should have unique `Name`
1646905 - Quote not allowed in button name
1647013 - Password field is locked and blank in log depot settings after changing log depot type
1647234 - [RFE] [Code Cleanup] Incorporate filtering/sorting/pagination abstraction with PlanVmsList
1649799 - Setting the memory threshold for the Refresh worker in the WebUI configures the wrong value in the configuration yaml
1649806 - Validation for GCE Provider Returns No Success/Failure in ManageIQ Hammer 1-rc1
1651241 - Emails not validated on Schedules and Alerts add/edit form
1653169 - Update UI tooltip for Infrastructure Mapping warning icon
1653709 - A user with the role operator can't view datastores through Provider page
1653796 - widget description in the page title
1654385 - [RFE] Add warning to mapping wizard when no OSP conversion hosts are present
1654828 - [RFE] Remove unreliable links to product documentation
1655012 - Custom roles are not updating with required changes in product feature tree
1655163 - [v2v][RFE] Editing an OSP mapping with public networks causes errors in Networks step of mapping wizard
1655174 - [v2v][RFE] Rename the "Overview" page to "Migration Plans"
1656961 - [RFE] Settings: enforce a minimum of 1 migration per conversion host
1663031 - Empty image appears next to fired alert on Monitor->Alerts->All Alerts page

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-0212.html

CWE : Common Weakness Enumeration

100 % : CWE-79 - Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration


Nessus® Vulnerability Scanner

2019-01-03
Name : The remote Fedora host is missing a security update.
File : fedora_2018-3f61c5cf7c.nasl - Type : ACT_GATHER_INFO

2018-08-02
Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ca05d9daac1d41138a05ffe9cd0d6160.nasl - Type : ACT_GATHER_INFO

2018-06-25
Name : The remote Fedora host is missing a security update.
File : fedora_2018-0b17e1e529.nasl - Type : ACT_GATHER_INFO

Alert History

2019-02-09 13:18:39
  • First insertion