(RHSA-2018:2561) Important: CloudForms 4.6.4 security, bug fix, and enhancement update

2018-09-0417:51:21

access.redhat.com

0.023 Low

EPSS

Percentile

89.7%

JSON

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root (CVE-2018-10905)
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files (CVE-2018-3760)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Stephen Gappinger (American Express) for reporting CVE-2018-10905.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64cfme-appliance-tools< 5.9.4.7-1.el7cfcfme-appliance-tools-5.9.4.7-1.el7cf.x86_64.rpm
RedHat7noarchrh-ruby23-rubygem-redhat_access_cfme< 2.0.3-1.el7cfrh-ruby23-rubygem-redhat_access_cfme-2.0.3-1.el7cf.noarch.rpm
RedHat7x86_64cfme-gemset< 5.9.4.7-1.el7cfcfme-gemset-5.9.4.7-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-appliance< 5.9.4.7-1.el7cfcfme-appliance-5.9.4.7-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-amazon-smartstate< 5.9.4.7-1.el7cfcfme-amazon-smartstate-5.9.4.7-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-appliance-debuginfo< 5.9.4.7-1.el7cfcfme-appliance-debuginfo-5.9.4.7-1.el7cf.x86_64.rpm
RedHat7x86_64rh-postgresql95-postgresql-pglogical-debuginfo< 2.1.0-4.el7cfrh-postgresql95-postgresql-pglogical-debuginfo-2.1.0-4.el7cf.x86_64.rpm
RedHat7noarchrh-ruby23-rubygem-redhat_access_cfme-doc< 2.0.3-1.el7cfrh-ruby23-rubygem-redhat_access_cfme-doc-2.0.3-1.el7cf.noarch.rpm
RedHat7x86_64cfme< 5.9.4.7-1.el7cfcfme-5.9.4.7-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-gemset-debuginfo< 5.9.4.7-1.el7cfcfme-gemset-debuginfo-5.9.4.7-1.el7cf.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	cfme-appliance-tools	< 5.9.4.7-1.el7cf	cfme-appliance-tools-5.9.4.7-1.el7cf.x86_64.rpm
RedHat	7	noarch	rh-ruby23-rubygem-redhat_access_cfme	< 2.0.3-1.el7cf	rh-ruby23-rubygem-redhat_access_cfme-2.0.3-1.el7cf.noarch.rpm
RedHat	7	x86_64	cfme-gemset	< 5.9.4.7-1.el7cf	cfme-gemset-5.9.4.7-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-appliance	< 5.9.4.7-1.el7cf	cfme-appliance-5.9.4.7-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-amazon-smartstate	< 5.9.4.7-1.el7cf	cfme-amazon-smartstate-5.9.4.7-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-appliance-debuginfo	< 5.9.4.7-1.el7cf	cfme-appliance-debuginfo-5.9.4.7-1.el7cf.x86_64.rpm
RedHat	7	x86_64	rh-postgresql95-postgresql-pglogical-debuginfo	< 2.1.0-4.el7cf	rh-postgresql95-postgresql-pglogical-debuginfo-2.1.0-4.el7cf.x86_64.rpm
RedHat	7	noarch	rh-ruby23-rubygem-redhat_access_cfme-doc	< 2.0.3-1.el7cf	rh-ruby23-rubygem-redhat_access_cfme-doc-2.0.3-1.el7cf.noarch.rpm
RedHat	7	x86_64	cfme	< 5.9.4.7-1.el7cf	cfme-5.9.4.7-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-gemset-debuginfo	< 5.9.4.7-1.el7cf	cfme-gemset-debuginfo-5.9.4.7-1.el7cf.x86_64.rpm