(RHSA-2019:0212) Moderate: CloudForms 4.7 security, bug fix and enhancement update

2019-02-0722:50:40

access.redhat.com

161

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-postgresql95-postgresql-pglogical< 2.1.0-4.el7cfrh-postgresql95-postgresql-pglogical-2.1.0-4.el7cf.x86_64.rpm
RedHat7x86_64bubblewrap< 0.1.7-1.el7bubblewrap-0.1.7-1.el7.x86_64.rpm
RedHat7x86_64erlang-diameter< 19.3.6.7-1.el7aterlang-diameter-19.3.6.7-1.el7at.x86_64.rpm
RedHat7x86_64rubygem-nokogiri< 1.8.2-1.el7cfrubygem-nokogiri-1.8.2-1.el7cf.x86_64.rpm
RedHat7noarchpyopenssl-doc< 17.3.0-4.el7ostpyOpenSSL-doc-17.3.0-4.el7ost.noarch.rpm
RedHat7x86_64postgresql96-server< 9.6.10-1PGDG.el7atpostgresql96-server-9.6.10-1PGDG.el7at.x86_64.rpm
RedHat7x86_64erlang-megaco< 19.3.6.7-1.el7aterlang-megaco-19.3.6.7-1.el7at.x86_64.rpm
RedHat7x86_64postgresql96< 9.6.10-1PGDG.el7atpostgresql96-9.6.10-1PGDG.el7at.x86_64.rpm
RedHat7x86_64google-config< 2.0.0-2.el7cfgoogle-config-2.0.0-2.el7cf.x86_64.rpm
RedHat7noarchrubygem-minitest< 5.10.1-90.el7cfrubygem-minitest-5.10.1-90.el7cf.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-postgresql95-postgresql-pglogical	< 2.1.0-4.el7cf	rh-postgresql95-postgresql-pglogical-2.1.0-4.el7cf.x86_64.rpm
RedHat	7	x86_64	bubblewrap	< 0.1.7-1.el7	bubblewrap-0.1.7-1.el7.x86_64.rpm
RedHat	7	x86_64	erlang-diameter	< 19.3.6.7-1.el7at	erlang-diameter-19.3.6.7-1.el7at.x86_64.rpm
RedHat	7	x86_64	rubygem-nokogiri	< 1.8.2-1.el7cf	rubygem-nokogiri-1.8.2-1.el7cf.x86_64.rpm
RedHat	7	noarch	pyopenssl-doc	< 17.3.0-4.el7ost	pyOpenSSL-doc-17.3.0-4.el7ost.noarch.rpm
RedHat	7	x86_64	postgresql96-server	< 9.6.10-1PGDG.el7at	postgresql96-server-9.6.10-1PGDG.el7at.x86_64.rpm
RedHat	7	x86_64	erlang-megaco	< 19.3.6.7-1.el7at	erlang-megaco-19.3.6.7-1.el7at.x86_64.rpm
RedHat	7	x86_64	postgresql96	< 9.6.10-1PGDG.el7at	postgresql96-9.6.10-1PGDG.el7at.x86_64.rpm
RedHat	7	x86_64	google-config	< 2.0.0-2.el7cf	google-config-2.0.0-2.el7cf.x86_64.rpm
RedHat	7	noarch	rubygem-minitest	< 5.10.1-90.el7cf	rubygem-minitest-5.10.1-90.el7cf.noarch.rpm