(RHSA-2019:0315) Moderate: CloudForms 4.6.8 security, bug fix and enhancement update

2019-02-1213:47:30

access.redhat.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.6%

JSON

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64cfme-debuginfo< 5.9.8.1-1.el7cfcfme-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-appliance-common< 5.9.8.1-1.el7cfcfme-appliance-common-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme< 5.9.8.1-1.el7cfcfme-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64dbus-api-service< 1.0.1-3.2.el7cfdbus-api-service-1.0.1-3.2.el7cf.x86_64.rpm
RedHat7x86_64cfme-gemset< 5.9.8.1-1.el7cfcfme-gemset-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-appliance< 5.9.8.1-1.el7cfcfme-appliance-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-amazon-smartstate< 5.9.8.1-1.el7cfcfme-amazon-smartstate-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-appliance-tools< 5.9.8.1-1.el7cfcfme-appliance-tools-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-gemset-debuginfo< 5.9.8.1-1.el7cfcfme-gemset-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
RedHat7x86_64cfme-appliance-debuginfo< 5.9.8.1-1.el7cfcfme-appliance-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	cfme-debuginfo	< 5.9.8.1-1.el7cf	cfme-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-appliance-common	< 5.9.8.1-1.el7cf	cfme-appliance-common-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme	< 5.9.8.1-1.el7cf	cfme-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	dbus-api-service	< 1.0.1-3.2.el7cf	dbus-api-service-1.0.1-3.2.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-gemset	< 5.9.8.1-1.el7cf	cfme-gemset-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-appliance	< 5.9.8.1-1.el7cf	cfme-appliance-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-amazon-smartstate	< 5.9.8.1-1.el7cf	cfme-amazon-smartstate-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-appliance-tools	< 5.9.8.1-1.el7cf	cfme-appliance-tools-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-gemset-debuginfo	< 5.9.8.1-1.el7cf	cfme-gemset-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm
RedHat	7	x86_64	cfme-appliance-debuginfo	< 5.9.8.1-1.el7cf	cfme-appliance-debuginfo-5.9.8.1-1.el7cf.x86_64.rpm