First published: Mon Aug 12 2019(Updated: )
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.<br>The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ#1711193, BZ#1717250, BZ#1726917)<br>Security Fix(es):<br><li> python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)</li> <li> rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)</li> <li> edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)</li> <li> openssl: 0-byte record padding oracle (CVE-2019-1559)</li> <li> cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)</li> <li> sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/imgbased | <1.1.9-0.1.el7e | 1.1.9-0.1.el7e |
redhat/ovirt-node-ng | <4.3.5-0.20190717.0.el7e | 4.3.5-0.20190717.0.el7e |
redhat/redhat-release-virtualization-host | <4.3.5-2.el7e | 4.3.5-2.el7e |
redhat/ovirt-node-ng-nodectl | <4.3.5-0.20190717.0.el7e | 4.3.5-0.20190717.0.el7e |
redhat/python-imgbased | <1.1.9-0.1.el7e | 1.1.9-0.1.el7e |
redhat/python2-ovirt-node-ng-nodectl | <4.3.5-0.20190717.0.el7e | 4.3.5-0.20190717.0.el7e |
redhat/redhat-virtualization-host-image-update-placeholder | <4.3.5-2.el7e | 4.3.5-2.el7e |
redhat/redhat-virtualization-host | <4.3.5-20190722.0.el7_7 | 4.3.5-20190722.0.el7_7 |
redhat/redhat-virtualization-host-image-update | <4.3.5-20190722.0.el7_7 | 4.3.5-20190722.0.el7_7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.