             AUSCERT External Security Bulletin Redistribution

        Moderate: CFME 5.8.0 security, bug, and enhancement update
                                1 June 2017


        AusCERT Security Bulletin Summary

Product:           Red Hat CloudForms
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Privileged Data         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-2639 CVE-2016-4457 

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

                   Red Hat Security Advisory

Synopsis:          Moderate: CFME 5.8.0 security, bug, and enhancement update
Advisory ID:       RHSA-2017:1367-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1367
Issue date:        2017-05-31
CVE Names:         CVE-2016-4457 CVE-2017-2639 

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

Security Fix(es):

* CloudForms includes a default SSL/TLS certificate for the web server.
This certificate is replaced at install time; however, if an attacker were
able to man-in-the-middle an administrator while the new certificate was
being installed, the attacker could obtain a copy of the uploaded private
key, allowing for future attacks. (CVE-2016-4457)

* It was found that CloudForms does not verify that the server hostname
matches the domain name in the certificate when using a custom CA and
communicating with Red Hat Virtualization (RHEV) and OpenShift. This would
allow an attacker to spoof RHEV or OpenShift systems and potentially
harvest sensitive information from CloudForms. (CVE-2017-2639)
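
The gap described for CVE-2017-2639, shown as an added Ruby example (not
code from Red Hat or CloudForms): a chain-only check against a custom CA
beside a check that also matches the certificate to the expected hostname.
The CA, the hostnames under example.test and all function names are
constructed for illustration.

```ruby
require "openssl"

# Issue a certificate for the constructed test PKI used below.
def issue_cert(cn, key, serial, issuer: nil, issuer_key: nil, ca: false, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", san, false)) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Weak form: only asks "was this certificate issued by a CA I trust?".
# Any certificate from the custom CA passes, whatever host it names.
def chain_only_accepts?(store, peer_cert)
  store.verify(peer_cert)
end

# Corrected form: the chain must validate AND the certificate must name the
# host the client meant to reach. On a live OpenSSL::SSL::SSLSocket the same
# identity check is performed by post_connection_check(hostname).
def chain_and_hostname_accepts?(store, peer_cert, expected_host)
  store.verify(peer_cert) &&
    OpenSSL::SSL.verify_certificate_identity(peer_cert, expected_host)
end

def demo
  # Constructed custom CA, trusted by the client.
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert("Example Custom CA", ca_key, 1, ca: true)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)

  # Certificate of the provider the client is configured to talk to.
  provider = issue_cert("rhev.example.test", OpenSSL::PKey::RSA.new(2048), 2,
                        issuer: ca, issuer_key: ca_key,
                        san: "DNS:rhev.example.test")
  # Certificate issued by the same CA to an unrelated host.
  other = issue_cert("build01.example.test", OpenSSL::PKey::RSA.new(2048), 3,
                     issuer: ca, issuer_key: ca_key,
                     san: "DNS:build01.example.test")

  expected_host = "rhev.example.test"
  {
    chain_only_provider: chain_only_accepts?(store, provider),
    chain_only_other:    chain_only_accepts?(store, other),
    full_provider:       chain_and_hostname_accepts?(store, provider, expected_host),
    full_other:          chain_and_hostname_accepts?(store, other, expected_host)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |check, accepted| puts format("%-20s accepted=%s", check, accepted) }
end
```

The chain-only check accepts both certificates; only the combined check
rejects the certificate that was issued to a different host.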

The CVE-2016-4457 issue was discovered by Simon Lukasik (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:


If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1223120 - [RFE] Add TRACE option to EMS refresh
1226456 - [RFE][api] Add support for creation of Catalog Item/Bundle (service_templates)
1298675 - Make All links working on dashboard tab
1321616 - Registering CloudForms with RHN through a proxy fails to update /etc/rhsm/rhsm.conf
1324610 - Change Cluser/Deployment Roles to Resource Pools on cluster summary page
1341308 - CVE-2016-4457 CFME: default certificate used across all installs
1342790 - Disable Smart State Analysis button when no SmartProxy server is found
1348239 - [RFE] Catalog Item Type in Service Catalog item disappears and therefore is unknown after service catalog item creation
1361720 - appliance_console displays warning messages.
1365253 - Self-service UI "My Requests" summary page is missing "Last Message" field
1373850 - [RFE] it's impossible to Provision VMs if VMs view is opened through Providers or Clusters,etc. views
1375737 - IPv6 addresses not rendered on details page
1375740 - IPv6 addresses not selectable field for reports
1379843 - [RFE] cloud network list should have policy/tags button
1380534 - Service : "Remove Catalog items" needs to be replaced with "remove catalogs"
1380728 - [RFE] Azure Instance provisioning doesn't reuse Public ip
1381712 - Service designer : Delete profile does not work
1382714 - Dashboard widgets don't really zoom in
1382724 - Dashboard widgets - tooltip on hover text not always available and doesn't expand strings where available
1383307 - Sorting instances in network managers does not work
1383611 - Middleware - No way to create new XA Datasource
1384122 - Setting memory_reserve lower than vm_memory failed
1384154 - Extract Running Processes no longer works.
1386327 - Notification Bell : The blue icon keeps on showing even after all notifications are read
1386843 - [RFE] Validate that Hot Plug is enabled when re-configuring a powered-on VMware VM
1388411 - [RFE] Limit Topology view tree depth when there are too many objects
1389068 - [RFE] Support for custom Amazon Regions in Provider
1392391 - no events in timelines for Amazon's Availability Zones though appropriate events are present in db
1392822 - [ALL LANG] My Settings - Default Views has missing translations
1393294 - Inconsistency with  flash message while deleting saved report
1393501 - Automate Simulate - does not use input field message.
1393530 - "Shutdown Guest" is available from Vm Details menu from "off" state
1393820 - [ALL LANG] Optimize - Utilization has untranslated entries
1393832 - [ALL LANG] Networks - Networks configuration menu has untranslated entries.
1393843 - [ALL LANG] Delete selected Cloud Networks warning message is not translated
1394040 - Provider Refresh Status: unknown attribute '_object' for MiddlewareServerGroup
1394249 - UX: notification bell should be centered between two lines
1394406 - CFME provider OpenStack - missing relation between projects (tenants) and flavors
1394558 - Show notification for the user when tenant quota is exceeded.
1395270 - [RFE] No option to choose provider type in add new network provider
1395371 - While editing a user, "Full Name" field displays "Username" value instead of user's actual Full Name
1395518 - Dashboard widgets do not generate content with "By-Group" visibility filter
1395618 - Notification Bell : It should also notify about failed provisioning
1395742 - Unable to clone SCVMM template.Blank page displayed when clicked on clone template
1395826 - No dialog appears when clicking to verifying a new replication subscription with pglogical
1396063 - Cloud Intel->Timelines shows several reports selected.
1396184 - configuring external auth crashes appliance console
1396631 - reconfigure cpu cores is not usable on vsphere with hot plug
1397171 - cloudforms reports not gathering information for rhev infrastructure providers
1397686 - [RFE] Vmware Provisioning Dialog should clearly represent Vlans & DVS in Networking Dialog
1398725 - Can't add provider specific catalog items to global region
1399526 - [RFE] CRUD actions for Snapshots via REST API
1401487 - EC2 "suspended" state while making "Soft Reboot"
1401881 - Service Catalog Item Entry Point Tree is missing Red Hat Domain
1402818 - After saving default filter in datastores and clearing it infinispinner
1402823 - Saving loaded default filter in datastores changes tree view style to old dynatree
1403152 - [AWS][SDN] - Cannot edit or create Cloud networks/subnets
1403213 - Middleware pages are missing both classic search and advanced search, but they have filters panel
1403775 - Middleware - Second Domain - Servers are mixed
1404273 - VM selection single vm option should be renamed to single vm/instance
1405178 - Duplicate Automate Schema entries doesn't show errors
1406945 - Hand pointer in the VM section on service page in SSUI
1409791 - WebUI:Tag Visibility - Ansible Tower Job Templates should honor tag visiblity
1410802 - Translatable yes/no and on/off labels in check box tag
1410910 - When the same action is used twice for a policy, action icons are inconsistent
1411112 - Delete / update cloud tenant not reflected in UI in cloud tenant list
1412043 - Strange prompt "Enter the Choose option 1-5:" in appliance_console
1412573 - Refresh of a template without OS configured fails
1414480 - Missing id attribute on Cloud->Instance Edit form, Child VM MultiBoxSelect
1414672 - Typo in "Configure database" menu option
1414845 - null result when deleting orchestration templates using REST API
1414852 - services under /api/services collection are missing "delete" action with "POST" method
1414881 - delete action in /api/orchestration_templates results in error
1415919 - [RFE] /usr/bin/miq_postgres_upgrade.sh works with y and Y
1415934 - Calendar in timeline is clipped
1416146 - cannot reference parent_service with href when creating new service via REST API
1417267 - Visible flag for service dialogs does not have any effect in the SSUI
1417772 - Data on the Optimize->Utilization page doesn't get updated as different item selections are made on the Utilization tree
1417774 - Data on the Optimize->Bottlenecks page doesn't get updated as different item selections are made on the Bottlenecks tree
1418708 - The option of VM migration to the same host it is already running on is possible
1420824 - WebUI - Web Console button is enabled for archived vm's
1420934 - Wrong unit used in DB table Utilization graphs
1421182 - [RFE] Allow for template network interface type to be overwritten during a provision
1421706 - [SDN][Cloud Networks] - undefined method - Advanced search filter
1422384 - No domains found in Automation explorer; automate domain reset fails
1422449 - Missing Paginator on ems_infra control
1422584 - Middleware - Some columns have empty values in lists
1422807 - entities under /api/templates collection are missing "delete" action with "POST" method
1422996 - Event filter For Openstack::InfraManager
1423450 - containers: table "condition" under nodes menu is empty
1425068 - Provisioning against amazon fail because of unset flavor variable in best_fit_amazon stock placement method
1425206 - Retirement of a Vm or Instance should not delete it from the database
1425216 - [RFE] Unify OpenShift Origin and OpenShift Container Platform Providers
1425221 - [RFE] The container dashboard graphs must be available as soon as possible
1425591 - Unable to create snapshot If there is no active snapshot existing for a VM
1425595 - SUI: Deleting All snapshots of a VM from SUI deletes the VM from service
1425597 - Extra row of order is shown in SUI
1426229 - [RFE] Topology View for Container Projects
1426313 - Middleware - EAP6 server icon is default Wfly icon
1426486 - Unable to create catalog
1426757 - SUI : Left Align Save and Cancel Buttons on all pages in SUI
1426758 - SUI : Save button is not enabled in "retire service at date" page
1427163 - [RFE] About Screen cannot be rebranded
1427200 - evm_watchdog fails to start
1427210 - [RFE] Query and Display OpenShift Metrics ad-hoc
1427269 - Missing icon on Templates page on SSUI
1427275 - Hand pointer without clickable link on SSUI Template page
1427278 - Unable to edit Dialogs on SSUI
1427338 - entities under /api/service_templates collection are missing "delete" action with "POST" method
1427623 - SSUI : Dashboard FIlter should be removed when directly going to the menu
1427624 - SSUI : Save on Edited template need to navigate to All templates Page
1427930 - Incorrect default repo name shown in ui
1428279 - Unable to open ansible credentials
1428411 - Ad-hoc Metrics - Tag "Apply" button is disabled after initial selection
1428447 - Storage tab cannot be opened
1428602 - Wrong default provisioning entry point in ansible tower catalog item
1428607 - Service : Ansible service request fails with error "`examine_request': undefined method `name' for nil:NilClass"
1428946 - ui controls ignored in Host Comparison
1428953 - Cancel button on catalog edit is broken
1429178 - Objects List view does not show Provider name/Project
1429180 - Containers templates choose - unexpected error
1429308 - SUI - Approved Service link on Dashboard does not show correct data
1429401 - Update oVirt SDK to version 4.1.z
1429410 - After applying filter the title is missing name of filter in Filtered by
1429523 - Filters tab is missing in Load balancer
1429840 - [RFE] Add new Reports and Widgets for OpenShift Provider
1429851 - [Ansible Tower] - icon of Ansible Tower provider is not displayed
1429860 - [Ansible Tower] - event catcher errors
1429891 - [RFE] Support SSL with Validation (CA) for OpenShift Provider
1429964 - [Automate] - unable to import service dialog from yaml
1430058 - SUI: Ellipsis sub menu pop up gets clipped on Template page
1430077 - SUI : Empty page during Breadcrumb navigation on Dialogs page
1430331 - SSUI: Hover text is hiding Download button on Template Summary page.
1430374 - Can't add nonpersistant disk to a powered on vm
1430405 - Mandatory Hawkular endpoint when adding a new provider
1430552 - SUI : Hand pointer without clickable link on power state icon on Service page
1430709 - [VMWare] Provision fails if we have common network named DPortGroup
1430770 - Error when starting SmartState analysis on Host
1431070 - [Ansible Embedded] - Tower string in downloaded files
1431257 - icon of delete host button displayed twice in Host Comparison
1431629 - undefined method during refresh EmbeddedAnsible Provider
1431750 - In GCE provider adding form should be project renamed to Project ID
1431865 - [Regression] Service Chargeback costs not displayed on SSUI dashboard
1432058 - [RFE] My Settings> Start Page should include Container Menus
1432060 - Create snapshot has memory checkbox enabled, even though VM is Down.
1432117 - Persistent volume relationship link broken
1432185 - [Regression]UI error while switching intervals on host,cluster C&U graphs
1432239 - VMDB table name missing on VMDB Summary page
1432296 - Container Provider - Capacity & Utilization: The page you were looking for doesn't exist
1432485 - Instance/VM quadicon state image is square instead of curved
1432686 - Catalog Edit :Either of Cancel and "Do not Save" should be there
1432848 - No option to select type while adding Containers Provider
1432888 - [RFE] Differentiate Snapshot and Image in OpenStack Image View
1432892 - [RFE] OpenStack Operations UI is using Task
1432900 - Exception is thrown when an empty report is opened in full screen
1433209 - SUI :RBAC: Catalog Menu should be hidden or it should show Dashboard when no permissions
1434174 - Tags not sorted while tagging services in SUI
1434454 - Existing MiqQueue rows can contain serialized Rails 4.2 era classes we can't deserialize in Rails 5+
1434491 - Template table headers moved right
1434553 - Policy conditions based on 'VM and Instance.vLANs' field not working
1434939 - OpsUI - Ansible - MyServices -  Details - Hosts - Does not reflect what was set in the dialog for the Hosts
1435004 - evmserverd on global appliance fails to restart after configuring replication
1435141 - NoMethodError Nil actioncable / pubsub_adapter
1435172 - Entities menu does not contain Pod object
1435290 - OpsUI - Ansible - Order Service Item - The hosts parameter in the dialog does not inherit what was set in the service
1435362 - SSUI - Catalog view should default to tile view.
1435364 - SSUI - Post order you are left at the service
1435371 - SUI - Hide templates
1436239 - User input has wrong text
1436835 - no actions listed for /api/vms/:id/snapshots
1437593 - [UI, SDN] - different title in PDF generated in Network managers page
1437594 - Datepicker freezes after the first run of the "C & U Gap Collection".
1437597 - Machine credential dropdown contains only Default
1437607 - Can't reach scaling page - The page you were looking for doesn't exist.
1437631 - C&U UI not showing metrics - for Projects/Pods/Replicators
1437907 - "Save" and "Reset" buttons are absent when adding log collection configuration
1437911 - Edit log collection menu has no spinner
1437922 - Policy to prevent a host scan request did not work
1438074 - SUI : Any action on catalog changes the view from List to Grid
1438075 - SUI : Service toolbar actions should be disabled if no service is selected
1438092 - [Regression] Azure provider refresh fails
1438420 - error when editing /api/policies/:id resource
1438515 - Middleware - Server: Utilization does not open
1438516 - [RFE] Support for obfuscated proxy credentials used by image-inspector
1438518 - [RHV] Timing issue between refreshes when a vm is removed
1438520 - [RFE] Support VMware 6.5 HTML Console
1438521 - Some TreeNode elements are not clickable when their active children aren't in the tree
1438594 - Playbooks are not deleted if ansible inventory deleted
1438599 - SUI : Duplicate order does not provision the service
1438732 - [RFE] pass all v4 requests through the ovirt ruby sdk
1438825 - Extra vars is not shown in Retirement tab of "Ansible Playbook" catalog item
1438826 - OpsUI - Automation - Ansible - Repo - On first run before enabling Embedded Ansible the Add Repo page fails.
1438827 - [Ansible-UI]: Credentials should proper flash message.
1438829 - [Ansible Embedded] - Unable to update description of repository
1438852 - SUI : Catalog/Orders/Reports and Request all are showin dashboard when clicked
1438856 - Cockpit administration tools cannot be accessed from cloud instances views
1438865 - [VMWARE]Auto_placement provision fails due to selecting Host in Maintenance state
1438868 - 404 error in breadcrumbs links of ansible screens
1438906 - Infinite spinner when pressing on ??? in "Adding a new Condition"
1438907 - Unable to interact with ansible playbook service
1439100 - SUI: Information missing in about page
1439286 - Ansible playbook service retirement ignores provided host
1439287 - containers: table "selectors" under replicators was changed to "Node selectors"
1439290 - Azure metrics collection failing  with "MonitoringServiceException"
1439294 - [Ansible Embedded] - Menu not highlighted when navigate to Automation -> Ansible
1439295 - The  retirement buttons no longer work for services and orchestration stacks selected in the list
1439298 - [Ansible Embedded] - Wrong formatting of flash message after sorting table
1439301 - [GCE] - The page you were looking for doesn't exist.
1439303 - Excessive log lines for "Initializing DRb Connection to MiqServer with ID"
1439310 - OpsUI - Automation - Ansible - Default page
1439311 - Incorrect label in "Run Ansible Playbook" action
1439313 - service dialog can be submitted before entry point code on dynamic fields has completed execution
1439316 - SUI : Hover text on request status should indicate the status (Approved/Denied)
1439397 - Unexpected error on UI when clicking on type link on cloud images list view page
1439400 - UI: Hover text associated for button is not shown properly on Infrastructure Topology page.
1439401 - UI: Hover text is overlapped by navigation menu on Topology
1439773 - Missing retirement tab in retired services
1439935 - SUI : Unable to click on service in Grid View
1439936 - Pop up window layering inconsistent in service UI
1439938 - Encrypted password from Ansible Playbook service dialog needs to be decrypted
1439940 - [Ansible Tower] - URL and Zone not shown in the table
1439944 - Vmware infra provider refresh fail
1439946 - UI: Advanced Search - Canceling delete on saved filter delete confirmation dialog deletes the filter
1439948 - Error "undefined method `name' for nil:NilClass"  when clicked on catalog item after deleting the repository.
1440225 - SUI : Catalog Grid View multiple Cards cannot be selected
1440311 - Navigation is not working
1440312 - SUI : The create snapshot field shows description mandatory when it is not
1440317 - Missing style for the flash message in expression editor
1440318 - Unable to save automation task schedule using eastern time zone
1440321 - Access (remote console) at VM level shows twice VM Console and one is greyed out
1440322 - UI: "Add new arbitration profile to this Cloud Provider" throws "Button not yet implemented" flash message
1440323 - Failed Ansible Playbook provision doesn't update status, started and completed fields.
1440324 - Policy to prevent a VM retire request did not work
1440566 - In Container Images table - Configuration button is missing
1440568 - Ad-hoc metrics page title regression
1440573 - [Ansible-UI]: Improve task name for Ansible tasks.
1440574 - Automate import does not update display_name and description attributes in Namespace objects
1440579 - SUI : Only stack name should be shown in relationships table for stack VM
1440851 - [RFE] Add link to Kibana UI from OpenShift Provider
1441198 - Error '[NoMethodError]: undefined method `base_model' for NilClass:Class' generating chargeback for container images report
1441201 - OpenShift Refresh duration exceeds default two hour timeout and grows > 8GB never fully completing
1441203 - Message timeout of 600 seconds does not allow perf_capture_timer to finish
1441244 - CFME collects C&U metrics even before resource creation
1441249 - Unexpected error while executing a custom button
1441253 - Missing Refresh button in Automation/Ansible tabs
1441265 - Add Provider->Type "RHEVM" should change to "RHV"
1441270 - First and Last name are not being populated in automate during life-cycle provisoning
1441271 - queue_name_for_metrics_collection raises an exception when ems is nil
1441295 - Ansible output does not contain line breaks and is hard to read
1441300 - Clicking on credential from grid/tile view is redirected to cloud  key pair page
1441303 - [Ansible Tower] - The page you were looking for doesn't exist.
1441318 - SSUI: Hover text is not present on Service summary page.
1441320 - SelfService - " Category and Assigned Value " drop down list  displays the same name in edit tags
1441328 - cloud_init re-runs on appliacne reboot, static networking configuration lost
1441329 - IPv6 address in appliance_console summary is "/24" despite not using IPv6
1441330 - appliance_console doesn't ask for database disk while setting secondy DB appliance
1441402 - Wrong year in about popup window
1441404 - SUI : Snapshot is not created when VM is not connected to active provider but success message is displayed.
1441416 - dynamic check box does not update on SSUI
1441647 - methods not sorted in frame on right side in automate
1441657 - Topology View for VMware does not show all relationships
1441658 - "NetworkError attempting to fetch resource" flash during updating ansible credentials
1441661 - Topology View at Project Level does not use proper project icon
1441670 - Add provider screen: No error message when trying to add a provider with a custom ssl certificate that does not match
1441726 - Smartstate Analysis Error Unable to mount filesystem Unable to determine port used by VixDiskLib VMware
1441740 - When moving AWS provider from one zone to another Network Manager info no longer updates
1441753 - Get IP address automation code not working Azure
1441854 - OpenShift provider event storm POD_FAILEDSYNC
1442103 - UI: Topology - unable to confirm search by pressing the Return key, reacts only to a mouse click
1442150 - [SDN] - Disable CRUD actions for Azure/Amazon Network providers
1442163 - OSP refresh fail with Validation failed: Name can't be blank
1442167 - OCP Ad-Hoc metrcis fails with "504 Gateway Time-out The server didn't respond in time"
1442168 - When using dynamic drop downs, sorting of items doesn't work in self service portal.
1442170 - Refresh the CF Provider to refresh its inventory of the PROJECT
1442172 - Ansible Event monitor error's out when it does not reside on same CF appliance with Embedded Ansible/Provider Int/Op
1442174 - [Ansible Tower] - Switching to Grid View or Tile View is not possible
1442175 - EC2 provision dialogs do not support selecting multiple IPs for multi provision
1442179 - containers: web console button is generating an Unexpected error encountered
1442763 - OpenStack refresh fail with nil:NilClass
1442766 - For OSP10 provider, Cinder volume creation is never finishing on the UI
1442767 - [Ansible Tower] - Ansible Tower Jobs - relationships table wrong redirection to Parent Provider
1442768 - Rhev inventory refresh fails after rhev upgrade from 3.6 to 4.0
1442770 - RoutingError when clicked on any job in ansible tower jobs
1442888 - UI log collection does not collect ansible logs
1442891 - error when creating a group + setting the tag in create
1442900 - CloudForms 4.2 is not displaying vm network metric info from OSP10 provider
1442901 - SUI : Error opening VM console
1442902 - SUI: Clicking on catalogs displays all services instead of catalogs.
1443079 - vmware_CustomizeRequest Provisioning Type: ManageIQ::Providers::Vmware::InfraManager::Provision does not match, skipping processing
1443081 - Auto_placement provision in Redhat domain fails due to selecting Host in Maintenance state.
1443082 - SyntaxError when clicking on Refresh button for OpenStack Infra at Dashboard view
1443084 - UI: infinispinner appears on Infrastructure Timelines page.
1443085 - UI: Red Hat Insights Navigation is missing
1443086 - [RFE] Drop support for VMware MKS and old VMRC consoles
1443087 - Amazon S3 Storage Manager | Seahorse::Client::NetworkingError]: Failed to open TCP connection
1443088 - SUI : Wrong pending request count displayed in dashboard
1443091 - [Ansible Embedded] - Unable to edit the repository
1443093 - Provider summary page, Hosts & Clusters, Vms and Templates images has changed into some plain image.
1443094 - Middleware - Domain mode EAP7 container is not immutable
1443096 - Entering Ansible Repository Incorrectly does not provide feedback that creation fails
1443099 - SUI : Custom button needs to be aligned with other buttons in toolbar
1443100 - add repo operation should generate notifications
1443113 - Back button on Provider dashboard screens should be removed
1443118 - Cloud Intel - Reports: Can't import widgets
1443166 - External Auth - FreeIPA - Self-service UI doesn't time out when session timeout is reached
1443243 - UI: "Save" button is still enabled when no server is selected in "Edit Management Engine Relationship" for VM/Instance
1443245 - Clicking on Group or Role name link/icon in the user's details page does nothing
1443247 - Using REST API - encountering "NoMethodError: undefined method `key?' for #<Array..."
1443564 - Ad-hoc metrics UI - pagination buttons and text boxes are set in inappropriate location on page
1443566 - UI: Icon is missing for "Win Services" under "Configuration" section on VM summary page.
1443568 - Default catalogue item image displays 'T'
1443569 - OpsUI - Ansible - MyServices -  Plays - Blank table of details
1443571 - the amazon  best fit method sometimes attempts to select networks that aren't available to the region in use
1443669 - Unable to edit/add  service dialog imported from CF 4.0 to 4.2
1443694 - [RFE] Container Management Operator Role should exist in CloudForms out-of-the-box
1443695 - [RFE] Container Management Administrator Role should exist in CloudForms out-of-the-box
1443696 - Full refresh of second VMware provider isn't automatically started after it is added
1443700 - [Regression] storage.perf_capture ERROR
1443714 - Adding SSO to External Logging link
1443731 - When clicking on the router/security group icon it just refreshed the page on edit tags page.
1443798 - Containers may get (ems_id and old_ems_id) == nil
1443800 - Authentication Self_Service UI externalauth/miqldap Lack of user perms clarification
1444034 - UI: Unnecessary Paging bar on Requests page.
1444035 - UI: List views forget checked items when resorted by clicking on a column header.
1444038 - Chargeback for container images report editor filter tab produces an error if there are too many images in the database
1444050 - Chargeback report generation keeps whole openshift env in the memory (even after it finishes)
1444055 - Middleware - Deploy newer version of existing archive fails without option
1444060 - Self Service UI does not properly select defaults for dynamic drop downs
1444066 - Cockpit console does not open
1444067 - Container node tags are not available as report fields in Node reports
1444164 - FATAL -- : Error caught: when Clicked on Orphaned Data tab on Diagnostics Region page
1444165 - Hover text is not showing properly on Service page
1444169 - Typo in Edit Report Menus tree
1444171 - Quadicon image not display in grid/tile views for Catalogs and Orchestration Templates
1444172 - Ability to create cloud volumes for a specific block storage manager broke forms dealing with cloud volumes.
1444174 - Memory utilization metrics fail to account for system cache
1444175 - No notifications about finished service retirement
1444176 - [SDN][Azure] - Edit Tags button clickable after Net provider refresh without selected provider
1444179 - Info icon (pficon-info) looks slightly corrupted in 5.8
1444180 - Sorting configuration providers by url throws "undefinedColumn: ERROR: column providers.url does not exist"
1444213 - Ensure managers change zone and provider region with cloud manager (OpenStack)
1444219 - Ensure managers change zone and provider region with cloud manager (Google)
1444222 - Embedded Ansible Service is not passing extra_vars overridden at runtime by user
1444329 - Policy Simulation results tree nodes are not properly escaped
1444504 - No pop-up with support case when collecting logs thru dropbox from second server in distributed mode
1444506 - Wrong page title in Automation/Ansible/Playbook
1444507 - [Ansible] New credentials with private keys are not added
1444508 - Refresh doesn't remove the only and deleted ansible repository causing next deletion to fail
1444510 - Amazon Availability Zone Timelines page is broken
1444516 - Embedded tower event catcher collect not working
1444871 - Ansible Credentials type should have proper format
1444872 - Calendar control on C&U gap collection page is clipped
1444873 - [SDN][EC2] - singular in downloaded files and subjects
1444878 - Some menu items does not get translated when language is switched.
1444884 - UI: Some texts are not translated in Navigation
1444889 - After the removal of a rhev provider the datastores are still displayed but unable to be deleted
1444891 - Error "undefined method `id' for nil:NilClass" in UI  when clicked on Refresh embedded Ansible provider
1444910 - Group UI | Save button is not active when deselect cloud provider in "Hosts&Clusters" tab
1444930 - UI: VM reconfigure table needs formatting
1444943 - Infinispinner appears on Database Backup Settings page when clicking on submit button.
1444968 - No flash message displayed when retiring the provisioned service
1444995 - [RHOS]:Create snapshot button gets disabled after creating the first snapshot on an instance
1444996 - [NoMethodError]: undefined method `merge!' for nil:NilClass encountered for OpenShift full refresh
1445002 - Error Message when adding a Containers Provider with SSL/Wrong Port
1445006 - Error message is absent when trying to add chargeback rate with the same name
1445008 - Unable to edit tag/manage policies for storage managers from list view
1445015 - RBAC:Naming Inconsistency in product feature tree
1445016 - Change in gem syntax from 4.0 to 4.2 NoMethodError undefined method `run' for LinuxAdmin:Module
1445075 - Tag Visibility | Host is restricted for user with 'Host&Clusters' and Tag filters set up
1445083 - After adding Google Compute Engine throwing "[NoMethodError]: undefined method `empty?' for nil:NilClass" in evm.log
1445086 - Container volumes should honour tag visibility
1445103 - [Ansible Tower] - Ansible Tower Jobs - relationships table - undefined method when clicking on Service
1445108 - Wrong flash message after ansible playbook catalog item deletion
1445111 - UI blows up while trying to create a cloud volume from the Storage Summary screen
1445112 - SUI : Sort "My Service" page based on created time
1445283 - Error: undefined method `all' for nil:NilClass [ems_cluster/button]  when clicked set retirements Dates for the VMS
1445311 - [RFE] CFME 4.1 EMS Refresh should be targeted for folder create, as opposed to a full EMS Refresh
1445354 - [RFE] Edit action is not been supported for VMS resources.
1445363 - Saved mapping rule has always Resource Entity as <All>
1445368 - Error flash msg of mapping tag with already existing label has additional ", " characters before label name
1445369 - Ampersand not rendering correctly in "Status of Roles for Servers in Zone"
1445376 - Cannot copy a built in OpenSCAP policy
1445378 - FATAL -- : Error caught: while changing page per items on Customization Templates
1445379 - [RFE] Make the process of reintroducing a failed HA node more user-friendly
1445380 - After reintroducing a failed primary node, there are old replication slots left on the "new" node
1445385 - In new db master node, pg_xlog directory got fulled
1445389 - [Ansible Embedded] - Editing Name of Amazon Credentials is not possible without filling keys again
1445803 - Restore to global region fails due to connection to database
1445804 - Getting undefined method `get_folder_paths' after applying RHSA-2017:0898
1445823 - Downloaded pdf summary report for hosts contains "ManageIQ"  upstream name
1445888 - VM state is not refreshed, after moving VM from running on one host to another
1445892 - [Ansible Embedded] - Extra variables can be deleted but form cannot be saved
1445893 - Create new cloud tenant fails: Unable to create Cloud Tenant "my_cloud": Expected([200]) <=> Actual(404 Not Found) excon.error.response :body
1445894 - Unable to create ansible playbook catalog item
1445895 - Embedded ansible logs should be rotated
1445899 - Error in re-configuring service: "Error during 'Provisioning': undefined method `match' for 0:Fixnum Did you mean? catch"
1445900 - During Automate Simulation the UI keeps spinning when the result has hash contents
1445936 - SCVMM provisioning started failing with Errno::ENAMETOOLONG
1445942 - Unable to edit the retirement tab in ansible playbook catalog item
1446245 - Standard output is missing in provisioned ansible playbook service
1446251 - Middleware - Add new Datasource Fails
1446277 - Error when displaying reconfigure dialog page for VM if VM has no Flavor
1446303 - Unable to launch targeted ansible refresh from repo list view
1446304 - Reintroducing a standby node that has already be reintroduced causes failure
1446329 - Switch to new Inventory implementation
1446387 - Middleware - Standalone EAP7 Server is shown as Immutable
1446613 - accessing RHEV provider fails with "NoMethodError: undefined method `>=' for nil:NilClass"
1446618 - OpsUI - MyServices - Credentials do not show
1446651 - Month selection arrows for C&U Gap collection are hidden in the UI
1446734 - CFME shows error page and throws exception to log when instance/vm/image/etc title is clicked
1446739 - Metrics collection for osp nodes failed on RHOS11
1446743 - MW - Container linking does not work with EAP on Javaagent
1446775 - containers: [" characters are added to the tags under Smart Management of container services
1446784 - New Orchestration Template Drop-down menu doesn't list vApp Template
1446790 - incorrect href attribute values for Foreman providers
1447049 - [RFE] Volumes summary page does not display any data related to containers that are using persistent volume claim
1447051 - ManageIQ icon on SUI order page
1447086 - [Ansible Embedded] - Privilege escalation for playbook does not work
1447088 - Service Catalogs: Dialogs are hanging and keeps buffering
1447126 - [Ansible Tower] - Search bar missing when navigated to Config manager e.g. from Compute
1447350 - evm fails to start on remote region after upgrading from 5.6 rubyrep to 5.8
1447367 - Ansible playbook service cannot be retired
1447372 - Tag Visibility | Access Controll: All users, groups, and tenants are visible for restricted user
1447373 - limit list of user for tenant-administator role
1447382 - Service : PXE provisioning for RHEV fails
1447388 - Ansible Playbook service retirement option should not include hosts and extra_vars when no playbook is select
1447391 - service dialog dynamic code works in admin portal but not in self-service portal
1447427 - Ansible Playbook service catalog item update failed with new_dialog_name and dialog_id both exist
1447432 - Topology view crashes with container linking in place
1447690 - Service : Separate services are provisioned when a bundle is ordered
1447704 - Crosslinked containers on middleware topology graph
1447752 - WebUI:RBAC-Unable to login when the user has only access to Chargeback feature
1447778 - VM snapshot: revert option is enabled, for Active VM
1448045 - UI lag due to more than 3650 messages in notification
1448071 - [vSphere] UI-RBAC: undefined method `all' for nil:NilClass error appears while setting ownership for template
1448079 - SSUI internationalization is incomplete
1448098 - Ansible Playbook repo's do not load playbooks after editing
1448131 - Show cross linking containers links in middleware server summary page
1448207 - Run time crash error when selecting Compute => Clouds => Topology
1448417 - Default dynamic text boxes should be blank
1448419 - Default value of dynamic dropdown list not honored CloudForms 4.2
1448499 - Invalid ExtManagementSystem id 12,000,000,000,003 specified on volume create --> failed
1448506 - The create_service_provision_request call on a service_template doesn't return a MiqRequest object
1448527 - Report no ReFS FileSystem Support
1448537 - redhat_CustomizeRequest Provisioning Type: does not match, skipping processing
1448545 - Unable to compare cloud instances."Compare selected items" option remains disabled
1448863 - cfme not passing cloud init payload to vm's
1448868 - Retirement tab is not shown for retired service
1448899 - Approve and Deny Order not working
1448902 - Remove search option from Inventory Group summary page of  Ansible Tower Provider
1448917 - [Ansible Embedded] - Editing Embedded Ansible Credentials form is not possible without filling credentials again
1448942 - Typo in flash message after cancellation of tenant creation
1448943 - Unable to add multiple elements to a dialog
1449190 - VM provision from ISO fail
1449193 - RHV provider refresh fail on "undefined method `split' for nil:NilClass"
1449215 - CFME SSUI language selection has repetitive entries for Chinese
1449223 - Some notifications show ManageIQ not CFME
1449269 - can't provision to RHEVM 4.0
1449364 - Ansible playbook cannot be added to a bundle
1449365 - UI: Security Groups show fails with comparison of Array with Array error
1449366 - Credential List is Empty when the Ansible Playbook Service Dialog is invoked from a Button versus a Service Order Screen
1449412 - MiqVimBrokerWorker exceeding memory after upgrading from 5.6 -> 5.7
1449748 - retirement runs in any zone as of 5.7.1
1449792 - ServiceUI - Missing Requests column on main dashboard
1449803 - Ansible Playbook : UI issues and button
1449810 - Retirement tab is not shown for retired service if "Copy from Provisioning" was pressed
1449811 - "Copy from Provisioning" leaves "Remove resources?" field value as is
1449843 - Attaching EBS volume to an instance results in error
1449846 - bad error message when adding playbook catalog item while embedded ansible is disabled
1450085 - Network Topology does not show Cloud Routers
1450096 - Refresh button in a dialog does not show in SUI
1450220 - Cannot select placement for Cloud Volumes (openstack cinder storage provider) and this volumes are created in different tenants during provisioning of the instance.
1450469 - Windows7 and Windows 2012- IE 11-  HTML5 Console Remains in Connecting State Indefinitely
1450470 - SSA fails on timeout for large images
1450485 - Automate method to order an Ansible Playbook Service from a button
1450492 - Create the .pgpass and print required conf for standby on primary database servers
1450962 - Middleware - Add new JDBC Driver Fails
1450966 - [Ansible Tower] Advanced search feature broken
1451046 - Queued item containing secrets is being dumped in plain-text in evm.log
1451078 - SSUI: Restricted user(tag) can see service items list(but cannot open or order them)
1451081 - Service catalog(count) on right should match the number displayed on left menu
1451121 - Add new repository is shown even when embedded ansible is not enabled.
1451395 - CFME does not support group/tag access restrictions for performance reports
1451457 - Raise minimum memory requirement for CFME appliances to 12GB
1451780 - [Ansible Embedded] - SCM credentials cannot be added
1451920 - [Ansible Embedded] - Empty stdout after playbook execution
1451922 - 404 error on deployment roles page
1451925 - Unexpected error encountered after clicking on RSS Feeds links
1451939 - Ansible - SUI - VMs when linked to service are not shown, opsUI shows them correctly
1452333 - Error when executing a button assigned to a button group
1452823 - [Microsoft]Auto_placement provision fails due to selecting Host in Maintenance state

6. Package List:

CloudForms Management Engine 5.8:




These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from

7. References:


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.