Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments.

A flaw was found in the way Ruby on Rails' actionpack rubygem performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155. (CVE-2013-6417)

An input sanitization flaw was found in the saved_report_delete action in the ReportController. An authenticated Management Engine user could use this flaw to perform an SQL injection attack on the Management Engine back end database. (CVE-2014-0137)

It was found that Red Hat CloudForms Management Engine did not properly check user role permissions for actions associated with catalogs. An authenticated Management Engine user could use this flaw to delete arbitrary catalogs regardless of the granted permissions. (CVE-2014-0078)

Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064, CVE-2014-2669)

Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)

It was found that granting an SQL role to a database user in a PostgreSQL database without specifying the "ADMIN" option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from an SQL role which they were granted access to. (CVE-2014-0060)

A flaw was found in the validator functions provided by PostgreSQL's procedural languages. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)

A race condition was found in the way PostgreSQL's CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)

It was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a null pointer dereference. (CVE-2014-0066)

Red Hat would like to thank the Ruby on Rails project for reporting CVE-2013-6417; upstream acknowledges Sudhir Rao as the original reporter of this issue. Red Hat would also like to thank the PostgreSQL project for reporting CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, and CVE-2014-2669; upstream acknowledges Noah Misch, Heikki Linnakangas, Peter Eisentraut, Jozef Mlich, Andres Freund, Robert Haas, Honza Horak, and Bruce Momjian as the original reporters of these issues. The CVE-2014-0137 and CVE-2014-0078 issues were discovered by Jan Rusnacko of the Red Hat Product Security Team.
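The two CloudForms application flaws above share a root cause: request input reaches a query without first being forced into the type the query expects. The CVE-2013-6417 bypass means an application cannot rely on the framework having turned a JSON `[null]` into `nil`, and the CVE-2014-0137 description is an id list that was not sanitized before being used in SQL. The following Ruby is an added illustration of the controller-side coercion that closes both gaps; it is not CloudForms, Rails or Red Hat code, and the `saved_reports` table, the `ids`/`token` parameter names and the request bodies are hypothetical and constructed for the example.

```ruby
require 'json'

# Added illustration (not CloudForms or Rails code) of the hazard behind
# CVE-2013-6417 and CVE-2014-0137: values arriving through a JSON request body
# may be nil, arrays or hashes rather than strings, and an id list for a delete
# action may carry SQL text. Both are coerced to the type the query expects
# before any SQL is built. Table and parameter names are hypothetical.

class BadParam < StandardError; end

# Parse a JSON body as a Rack::Request-based path would hand it over: no
# framework munging is assumed, so "[null]" stays [nil].
def parse_json_params(body)
  params = JSON.parse(body)
  raise BadParam, 'top-level JSON value must be an object' unless params.is_a?(Hash)
  params
end

# A token used in a WHERE clause must be a non-empty String. nil would become
# "IS NULL"; [nil] passes a naive .nil? check and still collapses to "IS NULL"
# once an ORM turns an array containing only nil into a predicate.
def scalar_param(params, key)
  value = params[key]
  raise BadParam, "#{key}: expected a string, got #{value.inspect}" unless value.is_a?(String)
  raise BadParam, "#{key}: must not be empty" if value.empty?
  value
end

# Ids for a delete action: accept a comma-separated String or an Array, keep
# only whole positive integers, so request text is never interpolated into SQL.
def id_list_param(params, key)
  raw = params[key]
  raw = raw.split(',') if raw.is_a?(String)
  raise BadParam, "#{key}: expected a non-empty list of ids" unless raw.is_a?(Array) && !raw.empty?
  raw.map do |v|
    s = v.to_s.strip
    raise BadParam, "#{key}: #{s.inspect} is not an id" unless s.match?(/\A[1-9][0-9]*\z/)
    s.to_i
  end
end

# Parameterized DELETE: the SQL text holds only placeholders; the ids travel
# separately as bind values (hypothetical table name).
def delete_statement(ids)
  placeholders = ids.each_index.map { |i| "$#{i + 1}" }.join(', ')
  ["DELETE FROM saved_reports WHERE id IN (#{placeholders})", ids]
end

# Controller-style entry point: returns [sql, binds] or a rejection message.
def handle_saved_report_delete(body)
  ids = id_list_param(parse_json_params(body), 'ids')
  delete_statement(ids)
rescue JSON::ParserError, BadParam => e
  "rejected: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request bodies, not captured traffic.
  ['{"ids":"12,13"}', '{"ids":["7"]}', '{"ids":"1) OR 1=1 --"}',
   '{"ids":[null]}', '{"token":[null]}'].each do |body|
    puts "#{body} => #{handle_saved_report_delete(body).inspect}"
  end
end
```

The point of `id_list_param` is that the only thing reaching the SQL layer is an array of Integers, and even those go through bind parameters rather than string interpolation; `scalar_param` rejects `nil`, `[nil]` and `{}` alike, which is the check the framework-level munging was supposed to make unnecessary and, per CVE-2013-6417, did not.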
These updated packages upgrade PostgreSQL to version 9.2.7, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/9.2/static/release-9-2-7.html

This update also fixes several bugs and adds various enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All users of Red Hat CloudForms 3.0 are advised to upgrade to these updated packages, which correct these issues and add these enhancements. Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

https://access.redhat.com/site/articles/11258

Red Hat CloudForms 3.0

    MD5: c8824e48af3084a676c07107c2885c04  SHA-256: 6015e6893871143b606f21fe0dba2f06148e2857ef757c89dcd0e72fc91f0a11
    MD5: 9699528f8d3bca76120e3f9e92be5b36  SHA-256: b18315010ccd452fc549b1238a66987996d6bf02cb22b2149da5540eb4c89968
    MD5: 2d496860df59e91a452adbc8d8ba992b  SHA-256: c914578c03aa29acab719eb441c97bf461e42fc56005c4410ba38816c5adf728
    MD5: 49a31e70668bd28b153c5730aaff3245  SHA-256: 6f5a7933520f5386c461bc9ba1dc65fb137efe6c50cc83ad323f071f7292e153
    MD5: 7ebf985c36ae45e66e5e46bdc33e0f9c  SHA-256: 431ba618a6b538e286fea05e8c1a3f90df5660eab711bd1d0c4ecf5796768df0
    MD5: 26559a967b681907d4877ff36d9ab938  SHA-256: c8080ba3c81d19ecc1e14f550e33ef26238842710bf4d916ec47fac36ff52dfd
    MD5: 5e06d933d81735050f5601199639419c  SHA-256: 4adb939c9ce83ca4f85038d1294daf6dbabe584222a4321eb49c6bf6acd4734d
    MD5: d291e265174674d56fbe0605db72d98a  SHA-256: 56f2002f241f57574048df536fcf9c054ebf1bb1c6bd49dbc7a149b25407d70c
    MD5: e049d43d4acbf2739138cdcfdd55aafb  SHA-256: 0879a18262600e840bcb074e325b130ba2421220ec55c64215041568e86b97fb
    MD5: 2cc1b559774c88b678b23acc1c041db3  SHA-256: 82f86de0c9b46997f025fb8ada14f50dd95f746f62281219135133c9ecbe0c83
    MD5: 92b3d7dc2cc809023ca5fb7ceb7a7ebe  SHA-256: a97cd5f6001b7866153fc12df62886508b4141c14d3310ce38f69e1b9272a7dd
    MD5: d25591f1aed88359d00877e030d1f195  SHA-256: 0ac1997d5adc772e117aa493ce2201d279af2d0890dec34ac07ca28c20db7bdd
    MD5: e346c4e79cdb7ee63bdee17b7955128a  SHA-256: 58e653a029781e76a05b41a39971af644446e45bdb7a6e0b25943d7bedf87b6c
    MD5: 3d040b5e288bae05ca392efbf52f0faa  SHA-256: 1fe1105cbd61738fb0e445090fd6888bad21a6c7ab960762219acde2a0912d0b
    MD5: a144366a234838fe490471d8f52a256a  SHA-256: 037446e6c73415183179c9e95532bdcc071f37190382b66b9e4b585198d23dd3
    MD5: 4b30dcbda9da4007f5dd39441b146c0b  SHA-256: 3757aa6d843bdb1197373a587787177843b6b05c5957cd930a5d67babf2372a5
    MD5: 6878b89deb0946912d7f7855b014470a  SHA-256: e76db63db0ac6a1fa4e9ae366a323a10c062bf7830189497a8d3e74bf1b2cb2a
    MD5: 770265f1531fd0885b88eda444dddfb4  SHA-256: f7d1d6fe208c7232d9bc090cbd22868d1ac7010e67d884615b6de4c46a2d78d0
    MD5: 930b0317856b25d5715ef90a83475e12  SHA-256: 7fbde2b39bcfbce7373fff2d3d61fc7131256394ac28464174ca537faf52714f
    MD5: 018eb1396d2e9bc295aecaf5b7cc565e  SHA-256: 8520c1d7cb74bdbd22b0101dcbb91dcad8f100744cada185fd43856a254129bb
    MD5: 5f760227b5416eb711225b9bb24c82ad  SHA-256: b8498df998111cad01154412157e5b0070c9c3818d45df1d57d2d2b8287d0537
(The unlinked packages above are only available from the Red Hat Network)
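The advisory publishes an MD5 and a SHA-256 digest for every package. The check a practitioner wants before installing from anything other than a signed channel is a digest comparison against that list, accepting only the SHA-256 match, since an MD5-only match can be produced by a colliding file. The Ruby below is an added example, not Red Hat tooling: `parse_manifest` pulls the digest pairs out of the advisory text as it appears on this page (with or without whitespace between the two digests), and the sample manifest and the three-byte input `"abc"` used to exercise it are constructed for the example.

```ruby
require 'digest'

# Added example (not Red Hat tooling): check a downloaded package against the
# "MD5: <hex>SHA-256: <hex>" pairs published in the advisory. Only the SHA-256
# match is accepted; an MD5-only match is reported as a failure.
MANIFEST_ENTRY = /MD5:\s*([0-9a-fA-F]{32})\s*SHA-256:\s*([0-9a-fA-F]{64})/

# Every (md5, sha256) pair in the advisory text, lower-cased for comparison.
def parse_manifest(text)
  text.scan(MANIFEST_ENTRY).map { |md5, sha| { md5: md5.downcase, sha256: sha.downcase } }
end

def digests_of(bytes)
  { md5: Digest::MD5.hexdigest(bytes), sha256: Digest::SHA256.hexdigest(bytes) }
end

# :ok when the file's SHA-256 is listed, :md5_only when only its MD5 is
# (treat as a failure), :unknown when it matches nothing in the manifest.
def verify_package(bytes, manifest)
  got = digests_of(bytes)
  return :ok if manifest.any? { |e| e[:sha256] == got[:sha256] }
  return :md5_only if manifest.any? { |e| e[:md5] == got[:md5] }
  :unknown
end

# Convenience wrapper: path to the downloaded RPM, advisory text as a String.
def verify_file(path, manifest_text)
  verify_package(File.binread(path), parse_manifest(manifest_text))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed manifest line whose digests are those of the bytes "abc".
  sample = "MD5: 900150983cd24fb0d6963f7d28e17f72SHA-256: " \
           "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad\n"
  manifest = parse_manifest(sample)
  puts verify_package('abc', manifest)   # => ok
  puts verify_package('abd', manifest)   # => unknown
end
```

Against a real download the call is `verify_file('cfme-something.rpm', File.read('advisory.txt'))`; a result other than `:ok` means the file is not one of the packages this advisory describes, whatever its MD5 says.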
1036409 – CVE-2013-6417 rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155)
1064556 – CVE-2014-0078 CFME: multiple authorization bypass vulnerabilities in CatalogController
1065219 – CVE-2014-0060 postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
1065220 – CVE-2014-0061 postgresql: privilege escalation via procedural language validator functions
1065222 – CVE-2014-0062 postgresql: CREATE INDEX race condition possibly leading to privilege escalation
1065226 – CVE-2014-0063 postgresql: stack-based buffer overflow in datetime input/output
1065230 – CVE-2014-0064 postgresql: integer overflows leading to buffer overflows
1065235 – CVE-2014-0065 postgresql: possible buffer overflow flaws
1065236 – CVE-2014-0066 postgresql: NULL pointer dereference
1076688 – CVE-2014-0137 CFME: ReportController SQL injection
1082154 – CVE-2014-2669 postgresql: multiple integer overflows in hstore_io.c

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
