(RHSA-2018:1972) Important: Red Hat CloudForms security, bug fix, and enhancement update

ID RHSA-2018:1972
Type redhat
Reporter RedHat
Modified 2018-06-25T18:08:08


Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development.

Security Fix(es):

  • python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)

  • ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges (CVE-2018-1101)

  • ansible-tower: Remote code execution by users with access to define variables in job templates (CVE-2018-1104)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Simon Vikström for reporting CVE-2018-1104. The CVE-2018-1101 issue was discovered by Graham Mainwaring (Red Hat).