-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat CloudForms security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:3005-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3005
Issue date:        2017-10-24
Cross references:  RHSA-2017:1758
CVE Names:         CVE-2017-11610 CVE-2017-12148 
====================================================================
1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

The following packages have been upgraded to a later upstream version:
ansible-tower (3.1.5), cfme (5.8.2.3), cfme-appliance (5.8.2.3),
cfme-gemset (5.8.2.3), rabbitmq-server (3.6.9), rh-ruby23-rubygem-nokogiri
(1.8.1), supervisor (3.1.4). (BZ#1476286, BZ#1485484)

Security Fix(es):

* A flaw was found in Tower's interface with SCM repositories. If a Tower
project (SCM repository) definition does not have the 'delete before
update' flag set, an attacker with commit access to the upstream playbook
source repository could create a Trojan playbook that, when executed by
Tower, modifies the checked out SCM repository to add git hooks. These git
hooks could, in turn, cause arbitrary command and code execution as the
user Tower runs as. (CVE-2017-12148)

* A vulnerability was found in the XML-RPC interface in supervisord. When
processing malformed commands, an attacker can cause arbitrary shell
commands to be executed on the server as the same user as supervisord.
Exploitation requires the attacker to first be authenticated to the
supervisord service. (CVE-2017-11610)

The CVE-2017-12148 issue was discovered by Ryan Petrello (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1439650 - Tenant and catalog information missing in Service Catalog Item Being Tagged
1459987 - Changes to timeout setting should not require evmserverd restart
1459996 - [RFE] Add support for virt v2v
1460754 - containers: containers analysis task results - user is system and owner is empty
1461061 - Add rate view option for counters in Ad-hoc Metrics
1465087 - Service template provisioning request do not honour quotas
1465089 - "Items" keyword in the dropdown list values of Default Items Per Page in my settings
1471709 - Default landing page is not showing "storage page" related options for custom made role
1476143 - CVE-2017-11610 supervisor: Command injection via malicious XML-RPC request
1477194 - AD with external auth, When doing group lookup for user group SID number is displayed instead of Group name
1477616 - Validation failed: Status is not included in the list
1477701 - Error caught: [NoMethodError] undefined method `[]' for nil:NilClass for REGULAR EXPRESSION MATCHES report
1477702 - UI: Unable to edit Compliance Policy Scope condition.
1478367 - 400 Bad Request Provision Error
1478372 - All start page entries must be updated to include the new navigation
1478379 - We do not check the base unit when creating the unit label
1478391 - Limit ansible playbook catalog item description
1478398 - Fields change in Advanced search in Automation -> Ansible Tower page
1478400 - Delete saved report button is not available on the configuration tab on report summary page
1478406 - Link to PV summary pdf broken
1478407 - [RFE] Create Backup for Cloud Volume should have force checkbox
1478409 - Error caught: [NoMethodError] undefined method `+' for nil:NilClass
1478415 - [Azure] User password limitations are not working correctly
1478418 - [RFE] Add support for VM "Restart Guest", for RHV provider
1478421 - Enabling Capacity & Utilization without filling C&U credentials generate repeated Errors in evm.log
1478428 - Default capture_threshold value for OpenShift object types is too low
1478429 - 'Ansible Tower' should not be mentioned in CloudForms notification when using Ansible Automation Inside
1478434 - prevent two miq servers from starting
1478435 -  found as option in drop down service dialogs
1478436 - Remote VNC/SPICE consoles lack logging when the remote endpoint is inaccessible
1478506 - inconsistent response when deleting nonexistent VM snapshot using API
1478508 - Not able to retire VM/instance via API unless "Set Retirement Date" feature is checked for role
1478510 - [POD] database.yml and GUID collected as link after log collection in podified appliance
1478513 - Configuration Manager name change not displayed
1478515 - Accessing the 'manager' association of a ManageIQ_Providers_EmbeddedAnsible_AutomationManager_Job service model gives a NoMethodError exception
1478523 - Productized border at top of page should be red not blue
1478526 - Unable to save trusted forest Settings
1478527 - CFME crashes in case of description field not found
1478529 - Tag|Ansible Job template| Page refreshes after try to navigate to template detail page from edit tag page
1478532 - In case system project not exsit, no filters load on Ad hoc metrics
1478535 - Boolean user input filter should be select bar to prevent exceptions
1478542 - SUI : Start/Stop operation on any service hides the top button menu bar
1478544 - After applying errata 5.7.3.2 some dialog field default values are missing in the self-service portal
1478554 - Not possible to refresh automate from GIT using API call
1478557 - Tag with Key 'Name' and a nil Value Breaks Refresh for AWS
1478558 - Container build pods are linked to build configurations from wrong namespaces
1478560 - RHV provider does not trust certificate authorities from the system CA database
1478562 - [VMWARE]Auto_placement provision into DVPortGroup fails on Virtual Center 6.5
1478563 - [RFE] Warning message on "admin" username during Azure provision
1478565 - Error generating reports after upgrading to 4.5
1478568 - Builds are connected to pods from different namespaces when builds have the same names
1478571 - Cloud volume operations are blocked by "Must filter on valid attributes for resource" error
1479367 - Provisioning to MS SCVMM Uses host.name instead of host.hostname
1479405 - [v2v] Drivers ISO filtering is broken
1479407 - Ansible inside Job times out even if the playbook is still running
1479409 - incorrect value used in stock automation wait_for_completion
1479414 - [v2v] Failures/Errors are not reflected at all in the Automate request messages
1479423 - Generic Service State Machine missing retry interval
1479437 - Azure inventory collection fails with missing instances for west-india region
1479453 - [v2v] operation always fail eventually, even in cases VM import was successful.
1479454 - [v2v] request timeout is very long (~2 days)
1479478 - VM Migrate State Machine does not correctly report migration errors.
1479481 - A deleted VM state do not change to Archived state
1479802 - Adding dialog for a new cloud volume doesn't show EBS storage manager
1479805 - Unable to provision against vmware with "multiple parents found" error
1479886 - After Applying ERRATA-RHSA-2017:1601 full refreshes are being trigged frequently
1479917 - Tag | Groups: Datastores is missing in "Host & Clusters" tree
1479920 - Hawkular verification - error message contains HTML tags
1479922 - The notification events are out of order
1479923 - [Embedded Ansible] - Unexpected error when clicking on Download summary icon
1479924 - Embedded Ansible worker has no icon in Diagnostics
1479925 - Button Group details page fields do not mention Group
1479926 - Button edit dialog title is incorrect
1479927 - Unable to perform power control operations on stack instance when navigated through stack summary page
1479929 - VM: Error when clicking on archived or orphaned VMware VM in VM explorer
1479931 - UX: Provisioning an ec2 instance image selection page has Type: "Image" splitted in two lines
1479935 - HTML5 Console: Toggle Full Screen Button Does not Work in Firefox
1479937 - Configuration Management Provider's Verify Peer Certificate setting doesn't get saved
1479938 - zones of sub region show up as zones appliances of a central region can move to
1479941 - Search field disappears when user clicks view selector after user input dialog on Compute->Infrastructure->All VMs page
1479943 - Adding an Automate Task schedule adds UTC to the last Attribute/Value pair
1479944 - User unable to tick the check boxes of the folder while assigning the Alert profile
1479959 - Unable to provision HyperV networking properly
1479972 - TypeError while refreshing a scvmm provider
1479976 - Refresh failed for VMware Provider in Cloudforms 4.5
1479978 - OpenStack cloud provider refresh error: Flavor  could not be found
1479991 - Typo on Infra provider dashboard page
1479993 - Inconsistency between flash message when creating vs. deleting
1479994 - UI: "Unexpected error encountered" when Downloading report in text,csv and pdf format
1480000 - exception on attempt to open report with timelines "Operations VM Power On/Off Events for Last Week"
1480001 - [Embedded Ansible] URL is not validated while adding new Ansible Repository
1480002 - Broken navigation tree in the datastore details screen
1480007 - Provisions via Users in multiple groups in tenants in SSUI result in VMs being provisioned to wrong group/tenant
1480008 - Datasources Download .txt truncates host-name
1480286 - State Machine Changes when User Switches Groups During Provision in Admin UI
1480377 - [RHEVM]: VM snapshot: delete option is enabled, for Active VM
1480586 - [v2v] rephrase "Drivers ISO" label in the v2v dialog
1480588 - [v2v] Move the 'Transform this VM to RHV' option from 'Configuration' to 'Lifecycle'
1480589 - Reports type dashboard widgets cannot be minimized
1480654 - Duplicated users when changed the (upper,lower)case of letters of login name
1480734 - vm_retire_extend references vm.retirement which does not exist anymore, causing crash
1481296 - CloudForms REST API searching for reports by names that contain '>' fails with a '400 - Bad Request'
1481436 - In Utilisation graph for Pods and Containers the Rounding of metrics is inconsistant
1481437 - [UI] - Unexpected error encountered when switching to 'Cloud Intel' main tab
1481439 - Duplicate flash message in Optimize/Bottlenecks
1481442 - duplicate status messages when saving automate methods
1481445 - Ansible Automation: missing group id in manageiq payload
1481449 - Instance Type on Provision Instances remains empty after adding flavor which has disk size of 0
1481450 - Unable to provision against vmware due to "unknown method xsiType"
1481845 - Delete a Template in RHEV that a Catalog uses, no indication in logs or UI when Catalog Ordered
1481846 - appliance_console_cli doesn't handle ipa registration if the password has a '$' in it
1481849 - "Page does not exist"  when clicked on Service Catalog item breadcrumb link from stack page
1481851 - Internal Server Error when creating schedule for automate task
1481853 - Drop down history toolbar button on Import/Export report page is not needed, should be removed.
1482131 - Title displayed in add button page is wrong
1482136 - CFME OpenStack provider missing options to set VLAN or Segmentation ID
1482148 - Missing Icon of power state - migrating
1482170 - unable to provision against openstack with a volume attached
1482666 - Cannot edit Ansible Repository
1482667 - sat6 save button broken after changing rhsm details to sat6 setup
1482668 - prov.set_host fails on 4.5.1 (5.8.1.5.20170725160636_e433fc0)
1482669 - setting hostname through appliance console throws error on ipv6 only env
1482670 - Workers processing a miq_queue message that exceed the memory threshold aren't given enough time to exit gracefully
1484373 - Reports are not generated by API call
1484374 - Failure to collect metrics of Window instances on Azure
1484385 - Setting VM ownership on more than 100 VMs at a time causing server error status 400 bad request
1484424 - [Embedded Ansible] Failed Repository does not show up in All Repositories Table on /ansible_repository/show_list
1484539 - Custom button not passing target object to dynamic dialog fields
1484548 - [RFE] Add config option to skip container_images
1484608 - SUI : The VM status shows "retired" for all VM's ,retired or not.
1484613 - RHEVM Target Refresh Completes Even Though Storage Domain Error is Thrown
1484895 - Reports - pods per ready status - nonexistent pods presented
1484901 - [RFE] Include EvmRole-reader as read-only role in the fixtures
1484904 - Tower version 2 may fail refresh
1484956 - [v2v] 'Drivers ISO' field is not removed when 'install drivers' is unchecked.
1484984 - [RFE] The azure image as built cannot be used in azure.
1485474 - CVE-2017-12148 Ansible Tower modification of git hooks in SCM repo via upstream playbook execution
1486351 - Service order request for VM provision from template fail on  SSL Certificate verification
1486474 - Locale dropdown menu does not have Portuguese
1487283 - Refresh fails: undefined method `[]' for nil:NilClass in `parse_image_name'
1487320 - Unable to access filter tab while Editing chargeback for projects report
1487689 - duplicate users get created from ldap logins
1488967 - Need to verify that SSA works with Azure Managed Storage
1489974 - Unable to login to Amazon account.
1491310 - Smart state analysis on a running vm on Azure doesn't work
1492840 - [UI][Services] - Not all catalog items shown in Service catalogs accordion tree
1493207 - Add miq_provision_quota_mixin to Service Template Provision Request service model.
1494561 - Save only used OpenShift images with labels/tags
1496912 - Proxy configuration does not work in restricted IPV6 only environment
1496946 - setting a dynamic dialog to "required = True" is not saved
1497746 - Editing Name of a Category via API breaks Chargeback Assignments
1497817 - Appliance doesn't start after upgrading from 5.7.4.0 to 5.8.2.0
1497835 - Tag/Networks: Cloud Network list is available for restricted user, if Network manager was tagged
1498230 - [Regression] appliance_console not enabling all required SCAP rules.
1498556 - Azure Smart State on Image results error "Unable to mount filesystem.  Reason:[undefined method `split' for nil:NilClass" in evm.log
1499868 - DB/LDAP User is not able to log into SSUI
1500049 - Cannot add Azure provider to CloudForms 4.2
1500051 - Azure refreshes fail with [NameError]: wrong constant name $default
1500053 - Cloudforms AWS image with Azure provider fails to discover entire environment
1502738 - Dynamic refresh ignored on Service Dialog elements if clicking submit without clicking out of refresh trigger element first

6. Package List:

CloudForms Management Engine 5.8:

Source:
cfme-5.8.2.3-1.el7cf.src.rpm
cfme-appliance-5.8.2.3-1.el7cf.src.rpm
cfme-gemset-5.8.2.3-1.el7cf.src.rpm
rabbitmq-server-3.6.9-1.el7at.src.rpm
rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.src.rpm
supervisor-3.1.4-1.el7.src.rpm

noarch:
rabbitmq-server-3.6.9-1.el7at.noarch.rpm
supervisor-3.1.4-1.el7.noarch.rpm

x86_64:
ansible-tower-server-3.1.5-1.el7at.x86_64.rpm
ansible-tower-setup-3.1.5-1.el7at.x86_64.rpm
cfme-5.8.2.3-1.el7cf.x86_64.rpm
cfme-appliance-5.8.2.3-1.el7cf.x86_64.rpm
cfme-appliance-debuginfo-5.8.2.3-1.el7cf.x86_64.rpm
cfme-debuginfo-5.8.2.3-1.el7cf.x86_64.rpm
cfme-gemset-5.8.2.3-1.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-debuginfo-1.8.1-2.el7cf.x86_64.rpm
rh-ruby23-rubygem-nokogiri-doc-1.8.1-2.el7cf.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-11610
https://access.redhat.com/security/cve/CVE-2017-12148
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html/release_notes/index#red_hat_cloudforms_4_5_2

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZ7obfXlSAg2UNWIIRAqPrAJ4+V6vCPvuuA5uZXoIaMnmU+stPdwCggCdG
Iauqp+TU+nVpaAmy4D675Ic=QGyU
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2017-3005:01 Important: Red Hat CloudForms security, bug fix,

An update is now available for CloudForms Management Engine 5.8

Summary

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
The following packages have been upgraded to a later upstream version: ansible-tower (3.1.5), cfme (5.8.2.3), cfme-appliance (5.8.2.3), cfme-gemset (5.8.2.3), rabbitmq-server (3.6.9), rh-ruby23-rubygem-nokogiri (1.8.1), supervisor (3.1.4). (BZ#1476286, BZ#1485484)
Security Fix(es):
* A flaw was found in Tower's interface with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. (CVE-2017-12148)
* A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord service. (CVE-2017-11610)
The CVE-2017-12148 issue was discovered by Ryan Petrello (Red Hat).
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2017-11610 https://access.redhat.com/security/cve/CVE-2017-12148 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html/release_notes/index#red_hat_cloudforms_4_5_2

Package List

CloudForms Management Engine 5.8:
Source: cfme-5.8.2.3-1.el7cf.src.rpm cfme-appliance-5.8.2.3-1.el7cf.src.rpm cfme-gemset-5.8.2.3-1.el7cf.src.rpm rabbitmq-server-3.6.9-1.el7at.src.rpm rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.src.rpm supervisor-3.1.4-1.el7.src.rpm
noarch: rabbitmq-server-3.6.9-1.el7at.noarch.rpm supervisor-3.1.4-1.el7.noarch.rpm
x86_64: ansible-tower-server-3.1.5-1.el7at.x86_64.rpm ansible-tower-setup-3.1.5-1.el7at.x86_64.rpm cfme-5.8.2.3-1.el7cf.x86_64.rpm cfme-appliance-5.8.2.3-1.el7cf.x86_64.rpm cfme-appliance-debuginfo-5.8.2.3-1.el7cf.x86_64.rpm cfme-debuginfo-5.8.2.3-1.el7cf.x86_64.rpm cfme-gemset-5.8.2.3-1.el7cf.x86_64.rpm rh-ruby23-rubygem-nokogiri-1.8.1-2.el7cf.x86_64.rpm rh-ruby23-rubygem-nokogiri-debuginfo-1.8.1-2.el7cf.x86_64.rpm rh-ruby23-rubygem-nokogiri-doc-1.8.1-2.el7cf.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2017:3005-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3005
Issued Date: : 2017-10-24
Cross references: RHSA-2017:1758
CVE Names: CVE-2017-11610 CVE-2017-12148

Topic

An update is now available for CloudForms Management Engine 5.8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

CloudForms Management Engine 5.8 - noarch, x86_64


Bugs Fixed

1439650 - Tenant and catalog information missing in Service Catalog Item Being Tagged

1459987 - Changes to timeout setting should not require evmserverd restart

1459996 - [RFE] Add support for virt v2v

1460754 - containers: containers analysis task results - user is system and owner is empty

1461061 - Add rate view option for counters in Ad-hoc Metrics

1465087 - Service template provisioning request do not honour quotas

1465089 - "Items" keyword in the dropdown list values of Default Items Per Page in my settings

1471709 - Default landing page is not showing "storage page" related options for custom made role

1476143 - CVE-2017-11610 supervisor: Command injection via malicious XML-RPC request

1477194 - AD with external auth, When doing group lookup for user group SID number is displayed instead of Group name

1477616 - Validation failed: Status is not included in the list

1477701 - Error caught: [NoMethodError] undefined method `[]' for nil:NilClass for REGULAR EXPRESSION MATCHES report

1477702 - UI: Unable to edit Compliance Policy Scope condition.

1478367 - 400 Bad Request Provision Error

1478372 - All start page entries must be updated to include the new navigation

1478379 - We do not check the base unit when creating the unit label

1478391 - Limit ansible playbook catalog item description

1478398 - Fields change in Advanced search in Automation -> Ansible Tower page

1478400 - Delete saved report button is not available on the configuration tab on report summary page

1478406 - Link to PV summary pdf broken

1478407 - [RFE] Create Backup for Cloud Volume should have force checkbox

1478409 - Error caught: [NoMethodError] undefined method `+' for nil:NilClass

1478415 - [Azure] User password limitations are not working correctly

1478418 - [RFE] Add support for VM "Restart Guest", for RHV provider

1478421 - Enabling Capacity & Utilization without filling C&U credentials generate repeated Errors in evm.log

1478428 - Default capture_threshold value for OpenShift object types is too low

1478429 - 'Ansible Tower' should not be mentioned in CloudForms notification when using Ansible Automation Inside

1478434 - prevent two miq servers from starting

1478435 - found as option in drop down service dialogs

1478436 - Remote VNC/SPICE consoles lack logging when the remote endpoint is inaccessible

1478506 - inconsistent response when deleting nonexistent VM snapshot using API

1478508 - Not able to retire VM/instance via API unless "Set Retirement Date" feature is checked for role

1478510 - [POD] database.yml and GUID collected as link after log collection in podified appliance

1478513 - Configuration Manager name change not displayed

1478515 - Accessing the 'manager' association of a ManageIQ_Providers_EmbeddedAnsible_AutomationManager_Job service model gives a NoMethodError exception

1478523 - Productized border at top of page should be red not blue

1478526 - Unable to save trusted forest Settings

1478527 - CFME crashes in case of description field not found

1478529 - Tag|Ansible Job template| Page refreshes after try to navigate to template detail page from edit tag page

1478532 - In case system project not exsit, no filters load on Ad hoc metrics

1478535 - Boolean user input filter should be select bar to prevent exceptions

1478542 - SUI : Start/Stop operation on any service hides the top button menu bar

1478544 - After applying errata 5.7.3.2 some dialog field default values are missing in the self-service portal

1478554 - Not possible to refresh automate from GIT using API call

1478557 - Tag with Key 'Name' and a nil Value Breaks Refresh for AWS

1478558 - Container build pods are linked to build configurations from wrong namespaces

1478560 - RHV provider does not trust certificate authorities from the system CA database

1478562 - [VMWARE]Auto_placement provision into DVPortGroup fails on Virtual Center 6.5

1478563 - [RFE] Warning message on "admin" username during Azure provision

1478565 - Error generating reports after upgrading to 4.5

1478568 - Builds are connected to pods from different namespaces when builds have the same names

1478571 - Cloud volume operations are blocked by "Must filter on valid attributes for resource" error

1479367 - Provisioning to MS SCVMM Uses host.name instead of host.hostname

1479405 - [v2v] Drivers ISO filtering is broken

1479407 - Ansible inside Job times out even if the playbook is still running

1479409 - incorrect value used in stock automation wait_for_completion

1479414 - [v2v] Failures/Errors are not reflected at all in the Automate request messages

1479423 - Generic Service State Machine missing retry interval

1479437 - Azure inventory collection fails with missing instances for west-india region

1479453 - [v2v] operation always fail eventually, even in cases VM import was successful.

1479454 - [v2v] request timeout is very long (~2 days)

1479478 - VM Migrate State Machine does not correctly report migration errors.

1479481 - A deleted VM state do not change to Archived state

1479802 - Adding dialog for a new cloud volume doesn't show EBS storage manager

1479805 - Unable to provision against vmware with "multiple parents found" error

1479886 - After Applying ERRATA-RHSA-2017:1601 full refreshes are being trigged frequently

1479917 - Tag | Groups: Datastores is missing in "Host & Clusters" tree

1479920 - Hawkular verification - error message contains HTML tags

1479922 - The notification events are out of order

1479923 - [Embedded Ansible] - Unexpected error when clicking on Download summary icon

1479924 - Embedded Ansible worker has no icon in Diagnostics

1479925 - Button Group details page fields do not mention Group

1479926 - Button edit dialog title is incorrect

1479927 - Unable to perform power control operations on stack instance when navigated through stack summary page

1479929 - VM: Error when clicking on archived or orphaned VMware VM in VM explorer

1479931 - UX: Provisioning an ec2 instance image selection page has Type: "Image" splitted in two lines

1479935 - HTML5 Console: Toggle Full Screen Button Does not Work in Firefox

1479937 - Configuration Management Provider's Verify Peer Certificate setting doesn't get saved

1479938 - zones of sub region show up as zones appliances of a central region can move to

1479941 - Search field disappears when user clicks view selector after user input dialog on Compute->Infrastructure->All VMs page

1479943 - Adding an Automate Task schedule adds UTC to the last Attribute/Value pair

1479944 - User unable to tick the check boxes of the folder while assigning the Alert profile

1479959 - Unable to provision HyperV networking properly

1479972 - TypeError while refreshing a scvmm provider

1479976 - Refresh failed for VMware Provider in Cloudforms 4.5

1479978 - OpenStack cloud provider refresh error: Flavor could not be found

1479991 - Typo on Infra provider dashboard page

1479993 - Inconsistency between flash message when creating vs. deleting

1479994 - UI: "Unexpected error encountered" when Downloading report in text,csv and pdf format

1480000 - exception on attempt to open report with timelines "Operations VM Power On/Off Events for Last Week"

1480001 - [Embedded Ansible] URL is not validated while adding new Ansible Repository

1480002 - Broken navigation tree in the datastore details screen

1480007 - Provisions via Users in multiple groups in tenants in SSUI result in VMs being provisioned to wrong group/tenant

1480008 - Datasources Download .txt truncates host-name

1480286 - State Machine Changes when User Switches Groups During Provision in Admin UI

1480377 - [RHEVM]: VM snapshot: delete option is enabled, for Active VM

1480586 - [v2v] rephrase "Drivers ISO" label in the v2v dialog

1480588 - [v2v] Move the 'Transform this VM to RHV' option from 'Configuration' to 'Lifecycle'

1480589 - Reports type dashboard widgets cannot be minimized

1480654 - Duplicated users when changed the (upper,lower)case of letters of login name

1480734 - vm_retire_extend references vm.retirement which does not exist anymore, causing crash

1481296 - CloudForms REST API searching for reports by names that contain '>' fails with a '400 - Bad Request'

1481436 - In Utilisation graph for Pods and Containers the Rounding of metrics is inconsistant

1481437 - [UI] - Unexpected error encountered when switching to 'Cloud Intel' main tab

1481439 - Duplicate flash message in Optimize/Bottlenecks

1481442 - duplicate status messages when saving automate methods

1481445 - Ansible Automation: missing group id in manageiq payload

1481449 - Instance Type on Provision Instances remains empty after adding flavor which has disk size of 0

1481450 - Unable to provision against vmware due to "unknown method xsiType"

1481845 - Delete a Template in RHEV that a Catalog uses, no indication in logs or UI when Catalog Ordered

1481846 - appliance_console_cli doesn't handle ipa registration if the password has a '$' in it

1481849 - "Page does not exist" when clicked on Service Catalog item breadcrumb link from stack page

1481851 - Internal Server Error when creating schedule for automate task

1481853 - Drop down history toolbar button on Import/Export report page is not needed, should be removed.

1482131 - Title displayed in add button page is wrong

1482136 - CFME OpenStack provider missing options to set VLAN or Segmentation ID

1482148 - Missing Icon of power state - migrating

1482170 - unable to provision against openstack with a volume attached

1482666 - Cannot edit Ansible Repository

1482667 - sat6 save button broken after changing rhsm details to sat6 setup

1482668 - prov.set_host fails on 4.5.1 (5.8.1.5.20170725160636_e433fc0)

1482669 - setting hostname through appliance console throws error on ipv6 only env

1482670 - Workers processing a miq_queue message that exceed the memory threshold aren't given enough time to exit gracefully

1484373 - Reports are not generated by API call

1484374 - Failure to collect metrics of Window instances on Azure

1484385 - Setting VM ownership on more than 100 VMs at a time causing server error status 400 bad request

1484424 - [Embedded Ansible] Failed Repository does not show up in All Repositories Table on /ansible_repository/show_list

1484539 - Custom button not passing target object to dynamic dialog fields

1484548 - [RFE] Add config option to skip container_images

1484608 - SUI : The VM status shows "retired" for all VM's ,retired or not.

1484613 - RHEVM Target Refresh Completes Even Though Storage Domain Error is Thrown

1484895 - Reports - pods per ready status - nonexistent pods presented

1484901 - [RFE] Include EvmRole-reader as read-only role in the fixtures

1484904 - Tower version 2 may fail refresh

1484956 - [v2v] 'Drivers ISO' field is not removed when 'install drivers' is unchecked.

1484984 - [RFE] The azure image as built cannot be used in azure.

1485474 - CVE-2017-12148 Ansible Tower modification of git hooks in SCM repo via upstream playbook execution

1486351 - Service order request for VM provision from template fail on SSL Certificate verification

1486474 - Locale dropdown menu does not have Portuguese

1487283 - Refresh fails: undefined method `[]' for nil:NilClass in `parse_image_name'

1487320 - Unable to access filter tab while Editing chargeback for projects report

1487689 - duplicate users get created from ldap logins

1488967 - Need to verify that SSA works with Azure Managed Storage

1489974 - Unable to login to Amazon account.

1491310 - Smart state analysis on a running vm on Azure doesn't work

1492840 - [UI][Services] - Not all catalog items shown in Service catalogs accordion tree

1493207 - Add miq_provision_quota_mixin to Service Template Provision Request service model.

1494561 - Save only used OpenShift images with labels/tags

1496912 - Proxy configuration does not work in restricted IPV6 only environment

1496946 - setting a dynamic dialog to "required = True" is not saved

1497746 - Editing Name of a Category via API breaks Chargeback Assignments

1497817 - Appliance doesn't start after upgrading from 5.7.4.0 to 5.8.2.0

1497835 - Tag/Networks: Cloud Network list is available for restricted user, if Network manager was tagged

1498230 - [Regression] appliance_console not enabling all required SCAP rules.

1498556 - Azure Smart State on Image results error "Unable to mount filesystem. Reason:[undefined method `split' for nil:NilClass" in evm.log

1499868 - DB/LDAP User is not able to log into SSUI

1500049 - Cannot add Azure provider to CloudForms 4.2

1500051 - Azure refreshes fail with [NameError]: wrong constant name $default

1500053 - Cloudforms AWS image with Azure provider fails to discover entire environment

1502738 - Dynamic refresh ignored on Service Dialog elements if clicking submit without clicking out of refresh trigger element first


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved