logo
DATABASE RESOURCES PRICING ABOUT US

(RHSA-2017:0320) Moderate: CFME 5.7.1 bug fixes and enhancement update

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view controller (MVC) framework for web application development. Action Pack implements the controller and the view components. This update fixes various bugs and adds several enhancements. Documentation for these changes is available in the Release Notes linked to in the References section. Security Fix(es): * A logic error in valid_role() in CloudForms role validation could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges. (CVE-2017-2632) This issue was discovered by Matouš Mojžíš (Red Hat). All CFME users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.


Affected Package


OS OS Version Package Name Package Version
RedHat 7 cfme-debuginfo 5.7.1.3-1.el7cf
RedHat 7 cfme 5.7.1.3-1.el7cf
RedHat 7 cfme-appliance-debuginfo 5.7.1.3-1.el7cf
RedHat 7 cfme-appliance 5.7.1.3-1.el7cf
RedHat 7 cfme-appliance 5.7.1.3-1.el7cf
RedHat 7 cfme-gemset 5.7.1.3-1.el7cf
RedHat 7 cfme 5.7.1.3-1.el7cf
RedHat 7 cfme-gemset 5.7.1.3-1.el7cf

Related