CVE-2016-4457
CVSS 5.0
Published: 2017-06-08 14:29:00
Last revised: 2017-06-16 13:48:50

[Original] CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.


[CNNVD] CNNVD data is not yet available.


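- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]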

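- CWE (weakness category)

CWE-310 [Cryptographic Issues]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found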

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4457
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4457
(official data source) NVD

- Other links and resources

https://bugzilla.redhat.com/show_bug.cgi?id=1341308
(VENDOR_ADVISORY) CONFIRM

- Vulnerability information (F142761)

Red Hat Security Advisory 2017-1367-01 (PacketStormID:F142761)
2017-05-31 00:00:00
Red Hat  
advisory,web,ruby
linux,redhat
CVE-2016-4457,CVE-2017-2639

Red Hat Security Advisory 2017-1367-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time, however if an attacker were able to man-in-the-middle an administrator while installing the new certificate the attacker could get a copy of the private key uploaded allowing for future attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: CFME 5.8.0 security, bug, and enhancement update
Advisory ID:       RHSA-2017:1367-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1367
Issue date:        2017-05-31
CVE Names:         CVE-2016-4457 CVE-2017-2639 
=====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

Security Fix(es):

* CloudForms includes a default SSL/TLS certificate for the web server.
This certificate is replaced at install time, however if an attacker were
able to man-in-the-middle an administrator while installing the new
certificate the attacker could get a copy of the private key uploaded
allowing for future attacks. (CVE-2016-4457)

* It was found that CloudForms does not verify that the server hostname
matches the domain name in the certificate when using a custom CA and
communicating with Red Hat Virtualization (RHEV) and OpenShift. This would
allow an attacker to spoof RHEV or OpenShift systems and potentially
harvest sensitive information from CloudForms. (CVE-2017-2639)

The CVE-2016-4457 issue was discovered by Simon Lukasik (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1223120 - [RFE] Add TRACE option to EMS refresh
1226456 - [RFE][api] Add support for creation of Catalog Item/Bundle (service_templates)
1298675 - Make All links working on dashboard tab
1321616 - Registering CloudForms with RHN through a proxy fails to update /etc/rhsm/rhsm.conf
1324610 - Change Cluser/Deployment Roles to Resource Pools on cluster summary page
1341308 - CVE-2016-4457 CFME: default certificate used across all installs
1342790 - Disable Smart State Analysis button when no SmartProxy server is found
1348239 - [RFE] Catalog Item Type in Service Catalog item disappears and therefore is unknown after service catalog item creation
1361720 - appliance_console displays warning messages.
1365253 - Self-service UI "My Requests" summary page is missing "Last Message" field
1373850 - [RFE] it's impossible to Provision VMs if VMs view is opened through Providers or Clusters,etc. views
1375737 - IPv6 addresses not rendered on details page
1375740 - IPv6 addresses not selectable field for reports
1379843 - [RFE] cloud network list should have policy/tags button
1380534 - Service : "Remove Catalog items" needs to be replaced with "remove catalogs"
1380728 - [RFE] Azure Instance provisioning doesn't reuse Public ip
1381712 - Service designer : Delete profile does not work
1382714 - Dashboard widgets don't really zoom in
1382724 - Dashboard widgets - tooltip on hover text not always available and doesn't expand strings where available
1383307 - Sorting instances in network managers does not work
1383611 - Middleware - No way to create new XA Datasource
1384122 - Setting memory_reserve lower than vm_memory failed
1384154 - Extract Running Processes no longer works.
1386327 - Notification Bell : The blue icon keeps on showing even after all notifications are read
1386843 - [RFE] Validate that Hot Plug is enabled when re-configuring a powered-on VMware VM
1388411 - [RFE] Limit Topology view tree depth when there are too many objects
1389068 - [RFE] Support for custom Amazon Regions in Provider
1392391 - no events in timelines for Amazon's Availability Zones though appropriate events are present in db
1392822 - [ALL LANG] My Settings - Default Views has missing translations
1393294 - Inconsistency with  flash message while deleting saved report
1393501 - Automate Simulate - does not use input field message.
1393530 - "Shutdown Guest" is available from Vm Details menu from "off" state
1393820 - [ALL LANG] Optimize - Utilization has untranslated entries
1393832 - [ALL LANG] Networks - Networks configuration menu has untranslated entries.
1393843 - [ALL LANG] Delete selected Cloud Networks warning message is not translated
1394040 - Provider Refresh Status: unknown attribute '_object' for MiddlewareServerGroup
1394249 - UX: notification bell should be centered between two lines
1394406 - CFME provider OpenStack - missing relation between projects (tenants) and flavors
1394558 - Show notification for the user when tenant quota is exceeded.
1395270 - [RFE] No option to choose provider type in add new network provider
1395371 - While editing a user, "Full Name" field displays "Username" value instead of user's actual Full Name
1395518 - Dashboard widgets do not generate content with "By-Group" visibility filter
1395618 - Notification Bell : It should also notify about failed provisioning
1395742 - Unable to clone SCVMM template.Blank page displayed when clicked on clone template
1395826 - No dialog appears when clicking to verifying a new replication subscription with pglogical
1396063 - Cloud Intel->Timelines shows several reports selected.
1396184 - configuring external auth crashes appliance console 5.7.0.11
1396631 - reconfigure cpu cores is not usable on vsphere with hot plug
1397171 - cloudforms reports not gathering information for rhev infrastructure providers
1397686 - [RFE] Vmware Provisioning Dialog should clearly represent Vlans & DVS in Networking Dialog
1398725 - Can't add provider specific catalog items to global region
1399526 - [RFE] CRUD actions for Snapshots via REST API
1401487 - EC2 "suspended" state while making "Soft Reboot"
1401881 - Service Catalog Item Entry Point Tree is missing Red Hat Domain
1402818 - After saving default filter in datastores and clearing it infinispinner
1402823 - Saving loaded default filter in datastores changes tree view style to old dynatree
1403152 - [AWS][SDN] - Cannot edit or create Cloud networks/subnets
1403213 - Middleware pages are missing both classic search and advanced search, but they have filters panel
1403775 - Middleware - Second Domain - Servers are mixed
1404273 - VM selection single vm option should be renamed to single vm/instance
1405178 - Duplicate Automate Schema entries doesn't show errors
1406945 - Hand pointer in the VM section on service page in SSUI
1409791 - WebUI:Tag Visibility - Ansible Tower Job Templates should honor tag visiblity
1410802 - Translatable yes/no and on/off labels in check box tag
1410910 - When the same action is used twice for a policy, action icons are inconsistent
1411112 - Delete / update cloud tenant not reflected in UI in cloud tenant list
1412043 - Strange prompt "Enter the Choose option 1-5:" in appliance_console
1412573 - Refresh of a template without OS configured fails
1414480 - Missing id attribute on Cloud->Instance Edit form, Child VM MultiBoxSelect
1414672 - Typo in "Configure database" menu option
1414845 - null result when deleting orchestration templates using REST API
1414852 - services under /api/services collection are missing "delete" action with "POST" method
1414881 - delete action in /api/orchestration_templates results in error
1415919 - [RFE] /usr/bin/miq_postgres_upgrade.sh works with y and Y
1415934 - Calendar in timeline is clipped
1416146 - cannot reference parent_service with href when creating new service via REST API
1417267 - Visible flag for service dialogs does not have any effect in the SSUI
1417772 - Data on the Optimize->Utilization page doesn't get updated as different item selections are made on the Utilization tree
1417774 - Data on the Optimize->Bottlenecks page doesn't get updated as different item selections are made on the Bottlenecks tree
1418708 - The option of VM migration to the same host it is already running on is possible
1420824 - WebUI - Web Console button is enabled for archived vm's
1420934 - Wrong unit used in DB table Utilization graphs
1421182 - [RFE] Allow for template network interface type to be overwritten during a provision
1421706 - [SDN][Cloud Networks] - undefined method - Advanced search filter
1422384 - No domains found in Automation explorer; automate domain reset fails
1422449 - Missing Paginator on ems_infra control
1422584 - Middleware - Some columns have empty values in lists
1422807 - entities under /api/templates collection are missing "delete" action with "POST" method
1422996 - Event filter For Openstack::InfraManager
1423450 - containers: table "condition" under nodes menu is empty
1425068 - Provisioning against amazon fail because of unset flavor variable in best_fit_amazon stock placement method
1425206 - Retirement of a Vm or Instance should not delete it from the database
1425216 - [RFE] Unify OpenShift Origin and OpenShift Container Platform Providers
1425221 - [RFE] The container dashboard graphs must be available as soon as possible
1425591 - Unable to create snapshot If there is no active snapshot existing for a VM
1425595 - SUI: Deleting All snapshots of a VM from SUI deletes the VM from service
1425597 - Extra row of order is shown in SUI
1426229 - [RFE] Topology View for Container Projects
1426313 - Middleware - EAP6 server icon is default Wfly icon
1426486 - Unable to create catalog
1426757 - SUI : Left Align Save and Cancel Buttons on all pages in SUI
1426758 - SUI : Save button is not enabled in "retire service at date" page
1427163 - [RFE] About Screen cannot be rebranded
1427200 - evm_watchdog fails to start
1427210 - [RFE] Query and Display OpenShift Metrics ad-hoc
1427269 - Missing icon on Templates page on SSUI
1427275 - Hand pointer without clickable link on SSUI Template page
1427278 - Unable to edit Dialogs on SSUI
1427338 - entities under /api/service_templates collection are missing "delete" action with "POST" method
1427623 - SSUI : Dashboard FIlter should be removed when directly going to the menu
1427624 - SSUI : Save on Edited template need to navigate to All templates Page
1427930 - Incorrect default repo name shown in ui
1428279 - Unable to open ansible credentials
1428411 - Ad-hoc Metrics - Tag "Apply" button is disabled after initial selection
1428447 - Storage tab cannot be opened
1428602 - Wrong default provisioning entry point in ansible tower catalog item
1428607 - Service : Ansible service request fails with error "`examine_request': undefined method `name' for nil:NilClass"
1428946 - ui controls ignored in Host Comparison
1428953 - Cancel button on catalog edit is broken
1429178 - Objects List view does not show Provider name/Project
1429180 - Containers templates choose - unexpected error
1429308 - SUI - Approved Service link on Dashboard does not show correct data
1429401 - Update oVirt SDK to version 4.1.z
1429410 - After applying filter the title is missing name of filter in Filtered by
1429523 - Filters tab is missing in Load balancer
1429840 - [RFE] Add new Reports and Widgets for OpenShift Provider
1429851 - [Ansible Tower] - icon of Ansible Tower provider is not displayed
1429860 - [Ansible Tower] - event catcher errors
1429891 - [RFE] Support SSL with Validation (CA) for OpenShift Provider
1429964 - [Automate] - unable to import service dialog from yaml
1430058 - SUI: Ellipsis sub menu pop up gets clipped on Template page
1430077 - SUI : Empty page during Breadcrumb navigation on Dialogs page
1430331 - SSUI: Hover text is hiding Download button on Template Summary page.
1430374 - Can't add nonpersistant disk to a powered on vm
1430405 - Mandatory Hawkular endpoint when adding a new provider
1430552 - SUI : Hand pointer without clickable link on power state icon on Service page
1430709 - [VMWare] Provision fails if we have common network named DPortGroup
1430770 - Error when starting SmartState analysis on Host
1431070 - [Ansible Embedded] - Tower string in downloaded files
1431257 - icon of delete host button displayed twice in Host Comparison
1431629 - undefined method during refresh EmbeddedAnsible Provider
1431750 - In GCE provider adding form should be project renamed to Project ID
1431865 - [Regression] Service Chargeback costs not displayed on SSUI dashboard
1432058 - [RFE] My Settings> Start Page should include Container Menus
1432060 - Create snapshot has memory checkbox enabled, even though VM is Down.
1432117 - Persistent volume relationship link broken
1432185 - [Regression]UI error while switching intervals on host,cluster C&U graphs
1432239 - VMDB table name missing on VMDB Summary page
1432296 - Container Provider - Capacity & Utilization: The page you were looking for doesn't exist
1432485 - Instance/VM quadicon state image is square instead of curved
1432686 - Catalog Edit :Either of Cancel and "Do not Save" should be there
1432848 - No option to select type while adding Containers Provider
1432888 - [RFE] Differentiate Snapshot and Image in OpenStack Image View
1432892 - [RFE] OpenStack Operations UI is using Task
1432900 - Exception is thrown when an empty report is opened in full screen
1433209 - SUI :RBAC: Catalog Menu should be hidden or it should show Dashboard when no permissions
1434174 - Tags not sorted while tagging services in SUI
1434454 - Existing MiqQueue rows can contain serialized Rails 4.2 era classes we can't deserialize in Rails 5+
1434491 - Template table headers moved right
1434553 - Policy conditions based on 'VM and Instance.vLANs' field not working
1434939 - OpsUI - Ansible - MyServices -  Details - Hosts - Does not reflect what was set in the dialog for the Hosts
1435004 - evmserverd on global appliance fails to restart after configuring replication
1435141 - NoMethodError Nil actioncable / pubsub_adapter
1435172 - Entities menu does not contain Pod object
1435290 - OpsUI - Ansible - Order Service Item - The hosts parameter in the dialog does not inherit what was set in the service
1435362 - SSUI - Catalog view should default to tile view.
1435364 - SSUI - Post order you are left at the service
1435371 - SUI - Hide templates
1436239 - User input has wrong text
1436835 - no actions listed for /api/vms/:id/snapshots
1437593 - [UI, SDN] - different title in PDF generated in Network managers page
1437594 - Datepicker freezes after the first run of the "C & U Gap Collection".
1437597 - Machine credential dropdown contains only Default
1437607 - Can't reach scaling page - The page you were looking for doesn't exist.
1437631 - C&U UI not showing metrics - for Projects/Pods/Replicators
1437907 - "Save" and "Reset" buttons are absent when adding log collection configuration
1437911 - Edit log collection menu has no spinner
1437922 - Policy to prevent a host scan request did not work
1438074 - SUI : Any action on catalog changes the view from List to Grid
1438075 - SUI : Service toolbar actions should be disabled if no service is selected
1438092 - [Regression] Azure provider refresh fails
1438420 - error when editing /api/policies/:id resource
1438515 - Middleware - Server: Utilization does not open
1438516 - [RFE] Support for obfuscated proxy credentials used by image-inspector
1438518 - [RHV] Timing issue between refreshes when a vm is removed
1438520 - [RFE] Support VMware 6.5 HTML Console
1438521 - Some TreeNode elements are not clickable when their active children aren't in the tree
1438594 - Playbooks are not deleted if ansible inventory deleted
1438599 - SUI : Duplicate order does not provision the service
1438732 - [RFE] pass all v4 requests through the ovirt ruby sdk
1438825 - Extra vars is not shown in Retirement tab of "Ansible Playbook" catalog item
1438826 - OpsUI - Automation - Ansible - Repo - On first run before enabling Embedded Ansible the Add Repo page fails.
1438827 - [Ansible-UI]: Credentials should proper flash message.
1438829 - [Ansible Embedded] - Unable to update description of repository
1438852 - SUI : Catalog/Orders/Reports and Request all are showin dashboard when clicked
1438856 - Cockpit administration tools cannot be accessed from cloud instances views
1438865 - [VMWARE]Auto_placement provision fails due to selecting Host in Maintenance state
1438868 - 404 error in breadcrumbs links of ansible screens
1438906 - Infinite spinner when pressing on ??? in "Adding a new Condition"
1438907 - Unable to interact with ansible playbook service
1439100 - SUI: Information missing in about page
1439286 - Ansible playbook service retirement ignores provided host
1439287 - containers: table "selectors" under replicators was changed to "Node selectors"
1439290 - Azure metrics collection failing  with "MonitoringServiceException"
1439294 - [Ansible Embedded] - Menu not highlighted when navigate to Automation -> Ansible
1439295 - The  retirement buttons no longer work for services and orchestration stacks selected in the list
1439298 - [Ansible Embedded] - Wrong formatting of flash message after sorting table
1439301 - [GCE] - The page you were looking for doesn't exist.
1439303 - Excessive log lines for "Initializing DRb Connection to MiqServer with ID"
1439310 - OpsUI - Automation - Ansible - Default page
1439311 - Incorrect label in "Run Ansible Playbook" action
1439313 - service dialog can be submitted before entry point code on dynamic fields has completed execution
1439316 - SUI : Hover text on request status should indicate the status (Approved/Denied)
1439397 - Unexpected error on UI when clicking on type link on cloud images list view page
1439400 - UI: Hover text associated for button is not shown properly on Infrastructure Topology page.
1439401 - UI: Hover text is overlapped by navigation menu on Topology
1439773 - Missing retirement tab in retired services
1439935 - SUI : Unable to click on service in Grid View
1439936 - Pop up window layering inconsistent in service UI
1439938 - Encrypted password from Ansible Playbook service dialog needs to be decrypted
1439940 - [Ansible Tower] - URL and Zone not shown in the table
1439944 - Vmware infra provider refresh fail
1439946 - UI: Advanced Search - Canceling delete on saved filter delete confirmation dialog deletes the filter
1439948 - Error "undefined method `name' for nil:NilClass"  when clicked on catalog item after deleting the repository.
1440225 - SUI : Catalog Grid View multiple Cards cannot be selected
1440311 - Navigation is not working
1440312 - SUI : The create snapshot field shows description mandatory when it is not
1440317 - Missing style for the flash message in expression editor
1440318 - Unable to save automation task schedule using eastern time zone
1440321 - Access (remote console) at VM level shows twice VM Console and one is greyed out
1440322 - UI: "Add new arbitration profile to this Cloud Provider" throws "Button not yet implemented" flash message
1440323 - Failed Ansible Playbook provision doesn't update status, started and completed fields.
1440324 - Policy to prevent a VM retire request did not work
1440566 - In Container Images table - Configuration button is missing
1440568 - Ad-hoc metrics page title regression
1440573 - [Ansible-UI]: Improve task name for Ansible tasks.
1440574 - Automate import does not update display_name and description attributes in Namespace objects
1440579 - SUI : Only stack name should be shown in relationships table for stack VM
1440851 - [RFE] Add link to Kibana UI from OpenShift Provider
1441198 - Error '[NoMethodError]: undefined method `base_model' for NilClass:Class' generating chargeback for container images report
1441201 - OpenShift Refresh duration exceeds default two hour timeout and grows > 8GB never fully completing
1441203 - Message timeout of 600 seconds does not allow perf_capture_timer to finish
1441244 - CFME collects C&U metrics even before resource creation
1441249 - Unexpected error while executing a custom button
1441253 - Missing Refresh button in Automation/Ansible tabs
1441265 - Add Provider->Type "RHEVM" should change to "RHV"
1441270 - First and Last name are not being populated in automate during life-cycle provisoning
1441271 - queue_name_for_metrics_collection raises an exception when ems is nil
1441295 - Ansible output does not contain line breaks and is hard to read
1441300 - Clicking on credential from grid/tile view is redirected to cloud  key pair page
1441303 - [Ansible Tower] - The page you were looking for doesn't exist.
1441318 - SSUI: Hover text is not present on Service summary page.
1441320 - SelfService - " Category and Assigned Value " drop down list  displays the same name in edit tags
1441328 - cloud_init re-runs on appliacne reboot, static networking configuration lost
1441329 - IPv6 address in appliance_console summary is "/24" despite not using IPv6
1441330 - appliance_console doesn't ask for database disk while setting secondy DB appliance
1441402 - Wrong year in about popup window
1441404 - SUI : Snapshot is not created when VM is not connected to active provider but success message is displayed.
1441416 - dynamic check box does not update on SSUI
1441647 - methods not sorted in frame on right side in automate
1441657 - Topology View for VMware does not show all relationships
1441658 - "NetworkError attempting to fetch resource" flash during updating ansible credentials
1441661 - Topology View at Project Level does not use proper project icon
1441670 - Add provider screen: No error message when trying to add a provider with a custom ssl certificate that does not match
1441726 - Smartstate Analysis Error Unable to mount filesystem Unable to determine port used by VixDiskLib VMware
1441740 - When moving AWS provider from one zone to another Network Manager info no longer updates
1441753 - Get IP address automation code not working Azure
1441854 - OpenShift provider event storm POD_FAILEDSYNC
1442103 - UI: Topology - unable to confirm search by pressing the Return key, reacts only to a mouse click
1442150 - [SDN] - Disable CRUD actions for Azure/Amazon Network providers
1442163 - OSP refresh fail with Validation failed: Name can't be blank
1442167 - OCP Ad-Hoc metrcis fails with "504 Gateway Time-out The server didn't respond in time"
1442168 - When using dynamic drop downs, sorting of items doesn't work in self service portal.
1442170 - Refresh the CF Provider to refresh its inventory of the PROJECT
1442172 - Ansible Event monitor error's out when it does not reside on same CF appliance with Embedded Ansible/Provider Int/Op
1442174 - [Ansible Tower] - Switching to Grid View or Tile View is not possible
1442175 - EC2 provision dialogs do not support selecting multiple IPs for multi provision
1442179 - containers: web console button is generating an Unexpected error encountered
1442763 - OpenStack refresh fail with nil:NilClass
1442766 - For OSP10 provider, Cinder volume creation is never finishing on the UI
1442767 - [Ansible Tower] - Ansible Tower Jobs - relationships table wrong redirection to Parent Provider
1442768 - Rhev inventory refresh fails after rhev upgrade from 3.6 to 4.0
1442770 - RoutingError when clicked on any job in ansible tower jobs
1442888 - UI log collection does not collect ansible logs
1442891 - error when creating a group + setting the tag in create
1442900 - CloudForms 4.2 is not displaying vm network metric info from OSP10 provider
1442901 - SUI : Error opening VM console
1442902 - SUI: Clicking on catalogs displays all services instead of catalogs.
1443079 - vmware_CustomizeRequest Provisioning Type: ManageIQ::Providers::Vmware::InfraManager::Provision does not match, skipping processing
1443081 - Auto_placement provision in Redhat domain fails due to selecting Host in Maintenance state.
1443082 - SyntaxError when clicking on Refresh button for OpenStack Infra at Dashboard view
1443084 - UI: infinispinner appears on Infrastructure Timelines page.
1443085 - UI: Red Hat Insights Navigation is missing
1443086 - [RFE] Drop support for VMware MKS and old VMRC consoles
1443087 - Amazon S3 Storage Manager | Seahorse::Client::NetworkingError]: Failed to open TCP connection
1443088 - SUI : Wrong pending request count displayed in dashboard
1443091 - [Ansible Embedded] - Unable to edit the repository
1443093 - Provider summary page, Hosts & Clusters, Vms and Templates images has changed into some plain image.
1443094 - Middleware - Domain mode EAP7 container is not immutable
1443096 - Entering Ansible Repository Incorrectly does not provide feedback that creation fails
1443099 - SUI : Custom button needs to be aligned with other buttons in toolbar
1443100 - add repo operation should generate notifications
1443113 - Back button on Provider dashboard screens should be removed
1443118 - Cloud Intel - Reports: Can't import widgets
1443166 - External Auth - FreeIPA - Self-service UI doesn't time out when session timeout is reached
1443243 - UI: "Save" button is still enabled when no server is selected in "Edit Management Engine Relationship" for VM/Instance
1443245 - Clicking on Group or Role name link/icon in the user's details page does nothing
1443247 - Using REST API - encountering "NoMethodError: undefined method `key?' for #<Array..."
1443564 - Ad-hoc metrics UI - pagination buttons and text boxes are set in inappropriate location on page
1443566 - UI: Icon is missing for "Win Services" under "Configuration" section on VM summary page.
1443568 - Default catalogue item image displays 'T'
1443569 - OpsUI - Ansible - MyServices -  Plays - Blank table of details
1443571 - the amazon  best fit method sometimes attempts to select networks that aren't available to the region in use
1443669 - Unable to edit/add  service dialog imported from CF 4.0 to 4.2
1443694 - [RFE] Container Management Operator Role should exist in CloudForms out-of-the-box
1443695 - [RFE] Container Management Administrator Role should exist in CloudForms out-of-the-box
1443696 - Full refresh of second VMware provider isn't automatically started after it is added
1443700 - [Regression] storage.perf_capture ERROR
1443714 - Adding SSO to External Logging link
1443731 - When clicking on the router/security group icon it just refreshed the page on edit tags page.
1443798 - Containers may get (ems_id and old_ems_id) == nil
1443800 - Authentication Self_Service UI externalauth/miqldap Lack of user perms clarification
1444034 - UI: Unnecessary Paging bar on Requests page.
1444035 - UI: List views forget checked items when resorted by clicking on a column header.
1444038 - Chargeback for container images report editor filter tab produces an error if there are too many images in the database
1444050 - Chargeback report generation keeps whole openshift env in the memory (even after it finishes)
1444055 - Middleware - Deploy newer version of existing archive fails without option
1444060 - Self Service UI does not properly select defaults for dynamic drop downs
1444066 - Cockpit console does not open
1444067 - Container node tags are not available as report fields in Node reports
1444164 - FATAL -- : Error caught: when Clicked on Orphaned Data tab on Diagnostics Region page
1444165 - Hover text is not showing properly on Service page
1444169 - Typo in Edit Report Menus tree
1444171 - Quadicon image not display in grid/tile views for Catalogs and Orchestration Templates
1444172 - Ability to create cloud volumes for a specific block storage manager broke forms dealing with cloud volumes.
1444174 - Memory utilization metrics fail to account for system cache
1444175 - No notifications about finished service retirement
1444176 - [SDN][Azure] - Edit Tags button clickable after Net provider refresh without selected provider
1444179 - Info icon (pficon-info) looks slightly corrupted in 5.8
1444180 - Sorting configuration providers by url throws "undefinedColumn: ERROR: column providers.url does not exist"
1444213 - Ensure managers change zone and provider region with cloud manager (OpenStack)
1444219 - Ensure managers change zone and provider region with cloud manager (Google)
1444222 - Embedded Ansible Service is not passing extra_vars overridden at runtime by user
1444329 - Policy Simulation results tree nodes are not properly escaped
1444504 - No pop-up with support case when collecting logs thru dropbox from second server in distributed mode
1444506 - Wrong page title in Automation/Ansible/Playbook
1444507 - [Ansible] New credentials with private keys are not added
1444508 - Refresh doesn't remove the only and deleted ansible repository causing next deletion to fail
1444510 - Amazon Availability Zone Timelines page is broken
1444516 - Embedded tower event catcher collect not working
1444871 - Ansible Credentials type should have proper format
1444872 - Calendar control on C&U gap collection page is clipped
1444873 - [SDN][EC2] - singular in downloaded files and subjects
1444878 - Some menu items does not get translated when language is switched.
1444884 - UI: Some texts are not translated in Navigation
1444889 - After the removal of a rhev provider the datastores are still displayed but unable to be deleted
1444891 - Error "undefined method `id' for nil:NilClass" in UI  when clicked on Refresh embedded Ansible provider
1444910 - Group UI | Save button is not active when deselect cloud provider in "Hosts&Clusters" tab
1444930 - UI: VM reconfigure table needs formatting
1444943 - Infinispinner appears on Database Backup Settings page when clicking on submit button.
1444968 - No flash message displayed when retiring the provisioned service
1444995 - [RHOS]:Create snapshot button gets disabled after creating the first snapshot on an instance
1444996 - [NoMethodError]: undefined method `merge!' for nil:NilClass encountered for OpenShift full refresh
1445002 - Error Message when adding a Containers Provider with SSL/Wrong Port
1445006 - Error message is absent when trying to add chargeback rate with the same name
1445008 - Unable to edit tag/manage policies for storage managers from list view
1445015 - RBAC:Naming Inconsistency in product feature tree
1445016 - Change in gem syntax from 4.0 to 4.2 NoMethodError undefined method `run' for LinuxAdmin:Module
1445075 - Tag Visibility | Host is restricted for user with 'Host&Clusters' and Tag filters set up
1445083 - After adding Google Compute Engine throwing "[NoMethodError]: undefined method `empty?' for nil:NilClass" in evm.log
1445086 - Container volumes should honour tag visibility
1445103 - [Ansible Tower] - Ansible Tower Jobs - relationships table - undefined method when clicking on Service
1445108 - Wrong flash message after ansible playbook catalog item deletion
1445111 - UI blows up while trying to create a cloud volume from the Storage Summary screen
1445112 - SUI : Sort "My Service" page based on created time
1445283 - Error: undefined method `all' for nil:NilClass [ems_cluster/button]  when clicked set retirements Dates for the VMS
1445311 - [RFE] CFME 4.1 EMS Refresh should be targeted for folder create, as opposed to a full EMS Refresh
1445354 - [RFE] Edit action is not been supported for VMS resources.
1445363 - Saved mapping rule has always Resource Entity as <All>
1445368 - Error flash msg of mapping tag with already existing label has additional ", " characters before label name
1445369 - Ampersand not rendering correctly in "Status of Roles for Servers in Zone"
1445376 - Cannot copy a built in OpenSCAP policy
1445378 - FATAL -- : Error caught: while changing page per items on Customization Templates
1445379 - [RFE] Make the process of reintroducing a failed HA node more user-friendly
1445380 - After reintroducing a failed primary node, there are old replication slots left on the "new" node
1445385 - In new db master node, pg_xlog directory got fulled
1445389 - [Ansible Embedded] - Editing Name of Amazon Credentials is not possible without filling keys again
1445803 - Restore to global region fails due to connection to database
1445804 - Getting undefined method `get_folder_paths' after applying RHSA-2017:0898
1445823 - Downloaded pdf summary report for hosts contains "ManageIQ"  upstream name
1445888 - VM state is not refreshed, after moving VM from running on one host to another
1445892 - [Ansible Embedded] - Extra variables can be deleted but form cannot be saved
1445893 - Create new cloud tenant fails: Unable to create Cloud Tenant "my_cloud": Expected([200]) <=> Actual(404 Not Found) excon.error.response :body
1445894 - Unable to create ansible playbook catalog item
1445895 - Embedded ansible logs should be rotated
1445899 - Error in re-configuring service: "Error during 'Provisioning': undefined method `match' for 0:Fixnum Did you mean? catch"
1445900 - During Automate Simulation the UI keeps spinning when the result has hash contents
1445936 - SCVMM provisioning started failing with Errno::ENAMETOOLONG
1445942 - Unable to edit the retirement tab in ansible playbook catalog item
1446245 - Standard output is missing in provisioned ansible playbook service
1446251 - Middleware - Add new Datasource Fails
1446277 - Error when displaying reconfigure dialog page for VM if VM has no Flavor
1446303 - Unable to launch targeted ansible refresh from repo list view
1446304 - Reintroducing a standby node that has already be reintroduced causes failure
1446329 - Switch to new Inventory implementation
1446387 - Middleware - Standalone EAP7 Server is shown as Immutable
1446613 - accessing RHEV provider fails with "NoMethodError: undefined method `>=' for nil:NilClass"
1446618 - OpsUI - MyServices - Credentials do not show
1446651 - Month selection arrows for C&U Gap collection are hidden in the UI
1446734 - CFME shows error page and throws exception to log when instance/vm/image/etc title is clicked
1446739 - Metrics collection for osp nodes failed on RHOS11
1446743 - MW - Container linking does not work with EAP on Javaagent
1446775 - containers: [" characters are added to the tags under Smart Management of container services
1446784 - New Orchestration Template Drop-down menu doesn't list vApp Template
1446790 - incorrect href attribute values for Foreman providers
1447049 - [RFE] Volumes summary page does not display any data related to containers that are using persistent volume claim
1447051 - ManageIQ icon on SUI order page
1447086 - [Ansible Embedded] - Privilege escalation for playbook does not work
1447088 - Service Catalogs: Dialogs are hanging and keeps buffering
1447126 - [Ansible Tower] - Search bar missing when navigated to Config manager e.g. from Compute
1447350 - evm fails to start on remote region after upgrading from 5.6 rubyrep to 5.8
1447367 - Ansible playbook service cannot be retired
1447372 - Tag Visibility | Access Controll: All users, groups, and tenants are visible for restricted user
1447373 - limit list of user for tenant-administator role
1447382 - Service : PXE provisioning for RHEV fails
1447388 - Ansible Playbook service retirement option should not include hosts and extra_vars when no playbook is select
1447391 - service dialog dynamic code works in admin portal but not in self-service portal
1447427 - Ansible Playbook service catalog item update failed with new_dialog_name and dialog_id both exist
1447432 - Topology view crashes with container linking in place
1447690 - Service : Separate services are provisioned when a bundle is ordered
1447704 - Crosslinked containers on middleware topology graph
1447752 - WebUI:RBAC-Unable to login when the user has only access to Chargeback feature
1447778 - VM snapshot: revert option is enabled, for Active VM
1448045 - UI lag due to more than 3650 messages in notification
1448071 - [vSphere] UI-RBAC: undefined method `all' for nil:NilClass error appears while setting ownership for template
1448079 - SSUI internationalization is incomplete
1448098 - Ansible Playbook repo's do not load playbooks after editing
1448131 - Show cross linking containers links in middleware server summary page
1448207 - Run time crash error when selecting Compute => Clouds => Topology
1448417 - Default dynamic text boxes should be blank
1448419 - Default value of dynamic dropdown list not honored CloudForms 4.2
1448499 - Invalid ExtManagementSystem id 12,000,000,000,003 specified on volume create --> failed
1448506 - The create_service_provision_request call on a service_template doesn't return a MiqRequest object
1448527 - Report no ReFS FileSystem Support
1448537 - redhat_CustomizeRequest Provisioning Type: does not match, skipping processing
1448545 - Unable to compare cloud instances."Compare selected items" option remains disabled
1448863 - cfme not passing cloud init payload to vm's
1448868 - Retirement tab is not shown for retired service
1448899 - Approve and Deny Order not working
1448902 - Remove search option from Inventory Group summary page of  Ansible Tower Provider
1448917 - [Ansible Embedded] - Editing Embedded Ansible Credentials form is not possible without filling credentials again
1448942 - Typo in flash message after cancellation of tenant creation
1448943 - Unable to add multiple elements to a dialog
1449190 - VM provision from ISO fail
1449193 - RHV provider refresh fail on "undefined method `split' for nil:NilClass"
1449215 - CFME SSUI language selection has repetitive entries for Chinese
1449223 - Some notifications show ManageIQ not CFME
1449269 - can't provision to RHEVM 4.0
1449364 - Ansible playbook cannot be added to a bundle
1449365 - UI: Security Groups show fails with comparison of Array with Array error
1449366 - Credential List is Empty when the Ansible Playbook Service Dialog is invoked from a Button versus a Service Order Screen
1449412 - MiqVimBrokerWorker exceeding memory after upgrading from 5.6 -> 5.7
1449748 - retirement runs in any zone as of 5.7.1
1449792 - ServiceUI - Missing Requests column on main dashboard
1449803 - Ansible Playbook : UI issues and button
1449810 - Retirement tab is not shown for retired service if "Copy from Provisioning" was pressed
1449811 - "Copy from Provisioning" leaves "Remove resources?" field value as is
1449843 - Attaching EBS volume to an instance results in error
1449846 - bad error message when adding playbook catalog item while embedded ansible is disabled
1450085 - Network Topology does not show Cloud Routers
1450096 - Refresh button in a dialog does not show in SUI
1450220 - Cannot select placement for Cloud Volumes (openstack cinder storage provider) and this volumes are created in different tenants during provisioning of the instance.
1450469 - Windows7 and Windows 2012- IE 11-  HTML5 Console Remains in Connecting State Indefinitely
1450470 - SSA fails on timeout for large images
1450485 - Automate method to order an Ansible Playbook Service from a button
1450492 - Create the .pgpass and print required conf for standby on primary database servers
1450962 - Middleware - Add new JDBC Driver Fails
1450966 - [Ansible Tower] Advanced search feature broken
1451046 - Queued item containing secrets is being dumped in plain-text in evm.log
1451078 - SSUI: Restricted user(tag) can see service items list(but cannot open or order them)
1451081 - Service catalog(count) on right should match the number displayed on left menu
1451121 - Add new repository is shown even when embedded ansible is not enabled.
1451395 - CFME 5.7.2.1 does not support group/tag access restrictions for performance reports
1451457 - Raise minimum memory requirement for CFME appliances to 12GB
1451780 - [Ansible Embedded] - SCM credentials cannot be added
1451920 - [Ansible Embedded] - Empty stdout after playbook execution
1451922 - 404 error on deployment roles page
1451925 - Unexpected error encountered after clicking on RSS Feeds links
1451939 - Ansible - SUI - VMs when linked to service are not shown, opsUI shows them correctly
1452333 - Error when executing a button assigned to a button group
1452823 - [Microsoft]Auto_placement provision fails due to selecting Host in Maintenance state

6. Package List:

CloudForms Management Engine 5.8:

Source:
ansible-2.2.1.0-2.el7.src.rpm
bubblewrap-0.1.7-1.el7.src.rpm
cfme-5.8.0.17-1.el7cf.src.rpm
cfme-appliance-5.8.0.17-1.el7cf.src.rpm
cfme-gemset-5.8.0.17-1.el7cf.src.rpm
erlang-19.0.4-1.el7at.src.rpm
freeipmi-1.5.1-2.el7cf.src.rpm
google-compute-engine-2.0.0-1.el7cf.src.rpm
google-config-2.0.0-1.el7cf.src.rpm
libtomcrypt-1.17-23.el7.src.rpm
libtommath-0.42.0-4.el7.src.rpm
nginx-1.10.2-1.el7at.src.rpm
postgresql94-9.4.11-2PGDG.el7at.src.rpm
prince-9.0r2-10.el7cf.src.rpm
python-crypto-2.6.1-7.el7.src.rpm
python-ecdsa-0.11-4.el7.src.rpm
python-httplib2-0.9.1-2.1.el7.src.rpm
python-keyczar-0.71c-2.el7.src.rpm
python-meld3-0.6.10-1.el7.src.rpm
python-paramiko-1.15.2-3.el7.src.rpm
python-passlib-1.6.5-1.1.el7.src.rpm
rabbitmq-server-3.6.5-1.el7at.src.rpm
rh-postgresql95-postgresql-pglogical-1.2.1-1.el7cf.src.rpm
rh-postgresql95-repmgr-3.1.3-2.el7cf.src.rpm
rh-ruby23-rubygem-bcrypt-3.1.10-3.el7cf.src.rpm
rh-ruby23-rubygem-eventmachine-1.0.7-6.el7cf.src.rpm
rh-ruby23-rubygem-ffi-1.9.8-4.el7cf.src.rpm
rh-ruby23-rubygem-hamlit-2.7.2-1.el7cf.src.rpm
rh-ruby23-rubygem-http_parser.rb-0.6.0-1.el7cf.src.rpm
rh-ruby23-rubygem-json-2.0.2-1.el7cf.src.rpm
rh-ruby23-rubygem-linux_block_device-0.2.1-1.el7cf.src.rpm
rh-ruby23-rubygem-memory_buffer-0.1.0-2.el7cf.src.rpm
rh-ruby23-rubygem-net_app_manageability-0.1.0-3.el7cf.src.rpm
rh-ruby23-rubygem-nio4r-1.2.1-1.el7cf.src.rpm
rh-ruby23-rubygem-nokogiri-1.6.8-1.el7cf.src.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-4.1.5-1.el7cf.src.rpm
rh-ruby23-rubygem-pg-0.18.2-5.el7cf.src.rpm
rh-ruby23-rubygem-pkg-config-1.1.7-1.el7cf.src.rpm
rh-ruby23-rubygem-puma-3.3.0-1.el7cf.src.rpm
rh-ruby23-rubygem-redhat_access_cfme-1.1.0-1.el7cf.src.rpm
rh-ruby23-rubygem-redhat_access_lib-0.1.0-1.el7cf.src.rpm
rh-ruby23-rubygem-rugged-0.25.0-b10.2.el7cf.src.rpm
rh-ruby23-rubygem-thin-1.7.0-1.el7cf.src.rpm
rh-ruby23-rubygem-unf_ext-0.0.7.1-3.el7cf.src.rpm
rh-ruby23-rubygem-websocket-driver-0.6.3-1.el7cf.src.rpm
smem-1.4-1.el7cf.src.rpm
sshpass-1.06-1.el7.src.rpm
supervisor-3.1.3-3.el7.src.rpm
wmi-1.3.14-7.el7cf.src.rpm

noarch:
ansible-2.2.1.0-2.el7.noarch.rpm
google-compute-engine-2.0.0-1.el7cf.noarch.rpm
libtomcrypt-doc-1.17-23.el7.noarch.rpm
libtommath-doc-0.42.0-4.el7.noarch.rpm
nginx-all-modules-1.10.2-1.el7at.noarch.rpm
nginx-filesystem-1.10.2-1.el7at.noarch.rpm
python-ecdsa-0.11-4.el7.noarch.rpm
python-httplib2-0.9.1-2.1.el7.noarch.rpm
python-keyczar-0.71c-2.el7.noarch.rpm
python-paramiko-1.15.2-3.el7.noarch.rpm
python-paramiko-doc-1.15.2-3.el7.noarch.rpm
python-passlib-1.6.5-1.1.el7.noarch.rpm
rabbitmq-server-3.6.5-1.el7at.noarch.rpm
rh-ruby23-rubygem-bcrypt-doc-3.1.10-3.el7cf.noarch.rpm
rh-ruby23-rubygem-eventmachine-doc-1.0.7-6.el7cf.noarch.rpm
rh-ruby23-rubygem-ffi-doc-1.9.8-4.el7cf.noarch.rpm
rh-ruby23-rubygem-hamlit-doc-2.7.2-1.el7cf.noarch.rpm
rh-ruby23-rubygem-http_parser.rb-doc-0.6.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-linux_block_device-doc-0.2.1-1.el7cf.noarch.rpm
rh-ruby23-rubygem-memory_buffer-doc-0.1.0-2.el7cf.noarch.rpm
rh-ruby23-rubygem-net_app_manageability-doc-0.1.0-3.el7cf.noarch.rpm
rh-ruby23-rubygem-nio4r-doc-1.2.1-1.el7cf.noarch.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-doc-4.1.5-1.el7cf.noarch.rpm
rh-ruby23-rubygem-pg-doc-0.18.2-5.el7cf.noarch.rpm
rh-ruby23-rubygem-pkg-config-1.1.7-1.el7cf.noarch.rpm
rh-ruby23-rubygem-pkg-config-doc-1.1.7-1.el7cf.noarch.rpm
rh-ruby23-rubygem-puma-doc-3.3.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-redhat_access_cfme-1.1.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-redhat_access_cfme-doc-1.1.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-redhat_access_lib-0.1.0-1.el7cf.noarch.rpm
rh-ruby23-rubygem-rugged-doc-0.25.0-b10.2.el7cf.noarch.rpm
rh-ruby23-rubygem-unf_ext-doc-0.0.7.1-3.el7cf.noarch.rpm
rh-ruby23-rubygem-websocket-driver-doc-0.6.3-1.el7cf.noarch.rpm
smem-1.4-1.el7cf.noarch.rpm
supervisor-3.1.3-3.el7.noarch.rpm

x86_64:
ansible-tower-server-3.1.2-1.el7at.x86_64.rpm
ansible-tower-setup-3.1.2-1.el7at.x86_64.rpm
bubblewrap-0.1.7-1.el7.x86_64.rpm
bubblewrap-debuginfo-0.1.7-1.el7.x86_64.rpm
cfme-5.8.0.17-1.el7cf.x86_64.rpm
cfme-appliance-5.8.0.17-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.8.0.17-1.el7cf.x86_64.rpm
cfme-debuginfo-5.8.0.17-1.el7cf.x86_64.rpm
cfme-gemset-5.8.0.17-1.el7cf.x86_64.rpm
erlang-19.0.4-1.el7at.x86_64.rpm
erlang-debuginfo-19.0.4-1.el7at.x86_64.rpm
freeipmi-1.5.1-2.el7cf.x86_64.rpm
freeipmi-bmc-watchdog-1.5.1-2.el7cf.x86_64.rpm
freeipmi-debuginfo-1.5.1-2.el7cf.x86_64.rpm
freeipmi-devel-1.5.1-2.el7cf.x86_64.rpm
freeipmi-ipmidetectd-1.5.1-2.el7cf.x86_64.rpm
freeipmi-ipmiseld-1.5.1-2.el7cf.x86_64.rpm
google-config-2.0.0-1.el7cf.x86_64.rpm
libtomcrypt-1.17-23.el7.x86_64.rpm
libtomcrypt-debuginfo-1.17-23.el7.x86_64.rpm
libtomcrypt-devel-1.17-23.el7.x86_64.rpm
libtommath-0.42.0-4.el7.x86_64.rpm
libtommath-debuginfo-0.42.0-4.el7.x86_64.rpm
libtommath-devel-0.42.0-4.el7.x86_64.rpm
nginx-1.10.2-1.el7at.x86_64.rpm
nginx-debuginfo-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-geoip-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-image-filter-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-perl-1.10.2-1.el7at.x86_64.rpm
nginx-mod-http-xslt-filter-1.10.2-1.el7at.x86_64.rpm
nginx-mod-mail-1.10.2-1.el7at.x86_64.rpm
nginx-mod-stream-1.10.2-1.el7at.x86_64.rpm
postgresql94-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-contrib-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-debuginfo-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-devel-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-docs-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-libs-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-plperl-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-plpython-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-pltcl-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-server-9.4.11-2PGDG.el7at.x86_64.rpm
postgresql94-test-9.4.11-2PGDG.el7at.x86_64.rpm
prince-9.0r2-10.el7cf.x86_64.rpm
python-crypto-2.6.1-7.el7.x86_64.rpm
python-crypto-debuginfo-2.6.1-7.el7.x86_64.rpm
python-meld3-0.6.10-1.el7.x86_64.rpm
python-meld3-debuginfo-0.6.10-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pglogical-1.2.1-1.el7cf.x86_64.rpm
rh-postgresql95-postgresql-pglogical-debuginfo-1.2.1-1.el7cf.x86_64.rpm
rh-postgresql95-repmgr-3.1.3-2.el7cf.x86_64.rpm
rh-postgresql95-repmgr-debuginfo-3.1.3-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-bcrypt-3.1.10-3.el7cf.x86_64.rpm
rh-ruby23-rubygem-bcrypt-debuginfo-3.1.10-3.el7cf.x86_64.rpm
rh-ruby23-rubygem-eventmachine-1.0.7-6.el7cf.x86_64.rpm
rh-ruby23-rubygem-eventmachine-debuginfo-1.0.7-6.el7cf.x86_64.rpm
rh-ruby23-rubygem-ffi-1.9.8-4.el7cf.x86_64.rpm
rh-ruby23-rubygem-ffi-debuginfo-1.9.8-4.el7cf.x86_64.rpm
rh-ruby23-rubygem-hamlit-2.7.2-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-hamlit-debuginfo-2.7.2-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-http_parser.rb-0.6.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-2.0.2-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-debuginfo-2.0.2-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-json-doc-2.0.2-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-linux_block_device-0.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-linux_block_device-debuginfo-0.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-memory_buffer-0.1.0-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-memory_buffer-debuginfo-0.1.0-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-net_app_manageability-0.1.0-3.el7cf.x86_64.rpm
rh-ruby23-rubygem-net_app_manageability-debuginfo-0.1.0-3.el7cf.x86_64.rpm
rh-ruby23-rubygem-nio4r-1.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nio4r-debuginfo-1.2.1-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-1.6.8-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-debuginfo-1.6.8-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-doc-1.6.8-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-4.1.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-ovirt-engine-sdk4-debuginfo-4.1.5-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-pg-0.18.2-5.el7cf.x86_64.rpm
rh-ruby23-rubygem-pg-debuginfo-0.18.2-5.el7cf.x86_64.rpm
rh-ruby23-rubygem-puma-3.3.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-puma-debuginfo-3.3.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-rugged-0.25.0-b10.2.el7cf.x86_64.rpm
rh-ruby23-rubygem-rugged-debuginfo-0.25.0-b10.2.el7cf.x86_64.rpm
rh-ruby23-rubygem-thin-1.7.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-thin-debuginfo-1.7.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-thin-doc-1.7.0-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-unf_ext-0.0.7.1-3.el7cf.x86_64.rpm
rh-ruby23-rubygem-unf_ext-debuginfo-0.0.7.1-3.el7cf.x86_64.rpm
rh-ruby23-rubygem-websocket-driver-0.6.3-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-websocket-driver-debuginfo-0.6.3-1.el7cf.x86_64.rpm
sshpass-1.06-1.el7.x86_64.rpm
sshpass-debuginfo-1.06-1.el7.x86_64.rpm
wmi-1.3.14-7.el7cf.x86_64.rpm
wmi-debuginfo-1.3.14-7.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4457
https://access.redhat.com/security/cve/CVE-2017-2639
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html/release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZLtd1XlSAg2UNWIIRAslNAKCBuGzH75w8IfJiztZHOo/PMbAW/ACeIoSU
2WMAPlJkNuO/yS93mrS8XAA=
=w+9I
-----END PGP SIGNATURE-----


- Vulnerability Information

Red Hat CloudForms Management Engine CVE-2016-4457 Security Bypass Vulnerability
Class: Design Error
Bugtraq ID: 90969
Remote: Yes
Local: No
Published: 2016-05-31 12:00:00
Updated: 2016-07-06 02:53:00
Credit: Šimon Lukašík of Red Hat

- Affected Program Versions

- Vulnerability Discussion

Red Hat CloudForms Management Engine is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

- Exploitation

Attackers can use readily available tools to exploit this issue.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- Related References

     

     
