- Vulnerability/
- RHSA-2020:1308
RHSA-2020:1308: Low: Red Hat Virtualization Engine security, bug fix 4.3.9
First published: Thu Apr 02 2020(Updated: )
The org.ovirt.engine-root is a core component of oVirt.<br>The following packages have been upgraded to a later upstream version: org.ovirt.engine-root (4.3.8.2), ovirt-engine-dwh (4.3.8), ovirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0), ovirt-imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui (1.6.0), rhv-log-collector-analyzer (0.2.15), v2v-conversion-host (1.16.0). (BZ#1767333, BZ#1776722, BZ#1779587, BZ#1779631)<br>Security Fix(es):<br><li> CVE-2019-17195</li> <li> CVE-2019-10086</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> [downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are versioned templates in database (BZ#1688781)</li> <li> [ovirt-fast-forward-upgrade] Error: ovirt-engine-setup-plugin-ovirt-engine conflicts with ovirt-engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979)</li> <li> Users immediately logged out from User portal due to negative UserSessionTimeOutInterval (BZ#1757423)</li> <li> Fluentd error when stopping metrics services through playbook on 4.3 (BZ#1772506)</li> <li> [downstream clone - 4.3.8] From VM Portal, users cannot create Operating System Windows VM. (BZ#1773580)</li> <li> MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged [RHV clone - 4.3.8] (BZ#1779664)</li> <li> Metric Store reports all hosts in Default cluster regardless of cluster assignment. (BZ#1780234)</li> Enhancement(s):<br><li> RFE for offline installation of RHV Metrics Store (BZ#1711873)</li> <li> [RFE] Compare storage with database for discrepancies (BZ#1739106)</li> <li> [RFE] RHV+Metrics Store - Support a Flat DNS environment without subdomains (BZ#1782412)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovirt-engine | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-extension-aaa-misc | <1.0.4-1.el7e | 1.0.4-1.el7e |
| redhat/ovirt-fast-forward-upgrade | <1.0.0-17.el7e | 1.0.0-17.el7e |
| redhat/rhvm-dependencies | <4.3.2-1.el7e | 4.3.2-1.el7e |
| redhat/ovirt-engine | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-backend | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-dbscripts | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-extensions-api-impl | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-extensions-api-impl-javadoc | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-health-check-bundler | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-restapi | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup-base | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup-plugin-cinderlib | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup-plugin-ovirt-engine | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup-plugin-ovirt-engine-common | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-setup-plugin-websocket-proxy | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-tools | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-tools-backup | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-vmconsole-proxy-helper | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-webadmin-portal | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/ovirt-engine-websocket-proxy | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/python2-ovirt-engine-lib | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/rhvm | <4.3.9.3-0.1.el7 | 4.3.9.3-0.1.el7 |
| redhat/apache-commons-beanutils | <1.8.3-15.el7_7 | 1.8.3-15.el7_7 |
| redhat/apache-commons-beanutils | <1.8.3-15.el7_7 | 1.8.3-15.el7_7 |
| redhat/apache-commons-beanutils-javadoc | <1.8.3-15.el7_7 | 1.8.3-15.el7_7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1752522
- https://bugzilla.redhat.com/show_bug.cgi?id=1764791
- https://bugzilla.redhat.com/show_bug.cgi?id=1767483
- https://bugzilla.redhat.com/show_bug.cgi?id=1789737
- https://bugzilla.redhat.com/show_bug.cgi?id=1792874
- https://bugzilla.redhat.com/show_bug.cgi?id=1797496
- https://bugzilla.redhat.com/show_bug.cgi?id=1801310
- https://bugzilla.redhat.com/show_bug.cgi?id=1808038
- https://bugzilla.redhat.com/show_bug.cgi?id=1808607
- https://bugzilla.redhat.com/show_bug.cgi?id=1809470
- https://bugzilla.redhat.com/show_bug.cgi?id=1810527
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/errata/RHSA-2020:1308 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:1308
- agent/software-canonical-lookup
- package-manager/redhat