Oct 02, 2014 - 12:00 a.m.

(RHSA-2014:1317) Moderate: cfme security, bug fix, and enhancement update

access.redhat.com

EPSS: 0.002 (percentile: 60.0%)

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

It was found that Red Hat CloudForms exposed default routes that were
reachable via HTTP(S) requests. An authenticated user could use this flaw
to access potentially sensitive controllers and actions that would allow
for privilege escalation. (CVE-2014-0140)

It was found that Red Hat CloudForms contained an insecure send method that
accepted user-supplied arguments. An authenticated user could use this flaw
to modify the program flow in a way that could result in privilege
escalation. (CVE-2014-3642)
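
The bug class described for CVE-2014-3642, as an added Ruby illustration (not CloudForms code and not part of the advisory; the class, its methods and the allowlist are hypothetical). `send` driven by a request-supplied name can reach private methods, while an explicit allowlist combined with `public_send` cannot.

```ruby
# Added illustration of unsafe vs. hardened dynamic dispatch.
# All names below are hypothetical and do not come from CloudForms.
class ReportController
  # Actions that are meant to be reachable from a request.
  ALLOWED_ACTIONS = %w[show list].freeze

  def initialize(role)
    @role = role
  end

  def show
    "report body"
  end

  def list
    "report list"
  end

  def admin?
    @role == :admin
  end

  # Unsafe: Object#send ignores visibility, so whoever controls `action`
  # (for example a request parameter) chooses which method runs.
  def dispatch_unsafe(action, *args)
    send(action, *args)
  end

  # Hardened: dispatch only names on an explicit allowlist, and use
  # public_send so private methods stay unreachable even if the
  # allowlist is widened by mistake later.
  def dispatch_safe(action)
    name = action.to_s
    unless ALLOWED_ACTIONS.include?(name)
      raise ArgumentError, "action not permitted: #{name.inspect}"
    end
    public_send(name)
  end

  private

  # Internal helper that must never be request-reachable.
  def grant_admin!
    @role = :admin
  end
end
```

When reviewing a Rails code base for this pattern, look for `send`, `__send__`, `public_send`, `constantize` and similar reflective calls whose first argument derives from `params`.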

These issues were discovered by Jan Rusnacko of Red Hat Product Security.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available in the Release Notes and
Technical Notes documents linked to in the References section.

All cfme users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.
