What is the severity of RHSA-2018:3816?

The severity of RHSA-2018:3816 is classified as moderate.

How do I fix RHSA-2018:3816?

To fix RHSA-2018:3816, you should update the affected packages to the recommended versions specified in the advisory.

What packages are affected by RHSA-2018:3816?

RHSA-2018:3816 affects several packages including cfme, cfme-amazon-smartstate, cfme-appliance, and others.

Is RHSA-2018:3816 applicable to all Red Hat users?

RHSA-2018:3816 is specifically applicable to users of Red Hat CloudForms Management Engine and related products.

What is the recommended action for systems affected by RHSA-2018:3816?

It is recommended to apply the updates as soon as possible to mitigate potential vulnerabilities.

Vulnerability/
RHSA-2018:3816

13/12/2018

RHSA-2018:3816: Important: CloudForms 4.6.6 security, bug fix and enhancement update

First published: Thu Dec 13 2018(Updated: )

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Security Fix(es): <li> postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)</li> <li> postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements (CVE-2018-10925)</li> <li> postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask (CVE-2018-1053)</li> <li> postgresql: Uncontrolled search path element in pg_dump and other client applications (CVE-2018-1058)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915, CVE-2018-10925 and CVE-2018-1053. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; and Tom Lane as the original reporter of CVE-2018-1053. Additional Changes: This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.

Affected Software	Affected Version	How to fix
redhat/cfme	<5.9.6.5-3.el7cf	5.9.6.5-3.el7cf
redhat/cfme-amazon-smartstate	<5.9.6.5-2.el7cf	5.9.6.5-2.el7cf
redhat/cfme-appliance	<5.9.6.5-1.el7cf	5.9.6.5-1.el7cf
redhat/cfme-gemset	<5.9.6.5-2.el7cf	5.9.6.5-2.el7cf
redhat/dbus-api-service	<1.0.1-3.1.el7cf	1.0.1-3.1.el7cf
redhat/httpd-configmap-generator	<0.2.2-1.2.el7cf	0.2.2-1.2.el7cf
redhat/postgresql96	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/cfme	<5.9.6.5-3.el7cf	5.9.6.5-3.el7cf
redhat/cfme-amazon-smartstate	<5.9.6.5-2.el7cf	5.9.6.5-2.el7cf
redhat/cfme-appliance	<5.9.6.5-1.el7cf	5.9.6.5-1.el7cf
redhat/cfme-appliance-common	<5.9.6.5-1.el7cf	5.9.6.5-1.el7cf
redhat/cfme-appliance-debuginfo	<5.9.6.5-1.el7cf	5.9.6.5-1.el7cf
redhat/cfme-appliance-tools	<5.9.6.5-1.el7cf	5.9.6.5-1.el7cf
redhat/cfme-debuginfo	<5.9.6.5-3.el7cf	5.9.6.5-3.el7cf
redhat/cfme-gemset	<5.9.6.5-2.el7cf	5.9.6.5-2.el7cf
redhat/cfme-gemset-debuginfo	<5.9.6.5-2.el7cf	5.9.6.5-2.el7cf
redhat/dbus-api-service	<1.0.1-3.1.el7cf	1.0.1-3.1.el7cf
redhat/httpd-configmap-generator	<0.2.2-1.2.el7cf	0.2.2-1.2.el7cf
redhat/postgresql96-contrib	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-debuginfo	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-devel	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-docs	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-libs	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-plperl	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-plpython	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-pltcl	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-server	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a
redhat/postgresql96-test	<9.6.10-1PGDG.el7a	9.6.10-1PGDG.el7a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2018:3816?
The severity of RHSA-2018:3816 is classified as moderate.
How do I fix RHSA-2018:3816?
To fix RHSA-2018:3816, you should update the affected packages to the recommended versions specified in the advisory.
What packages are affected by RHSA-2018:3816?
RHSA-2018:3816 affects several packages including cfme, cfme-amazon-smartstate, cfme-appliance, and others.
Is RHSA-2018:3816 applicable to all Red Hat users?
RHSA-2018:3816 is specifically applicable to users of Red Hat CloudForms Management Engine and related products.
What is the recommended action for systems affected by RHSA-2018:3816?
It is recommended to apply the updates as soon as possible to mitigate potential vulnerabilities.

agent/severity
agent/type
agent/last-modified-date
agent/softwarecombine
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2018:3816
agent/software-canonical-lookup
agent/references
agent/remedy
agent/title
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat