The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1367 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Security Fix(es): * CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time, however if an attacker were able to man-in-the-middle an administrator while installing the new certificate the attacker could get a copy of the private key uploaded allowing for future attacks. (CVE-2016-4457) * It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms. (CVE-2017-2639) The CVE-2016-4457 issue was discovered by Simon Lukasik (Red Hat). Additional Changes: This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References…Read More