First published: Tue Nov 24 2020
The org.ovirt.engine-root is a core component of oVirt.

The following packages have been upgraded to a later upstream version: engine-db-query (1.6.2), org.ovirt.engine-root (4.4.3.8), ovirt-engine-dwh (4.4.3.1), ovirt-engine-extension-aaa-ldap (1.4.2), ovirt-engine-extension-logger-log4j (1.1.1), ovirt-engine-metrics (1.4.2.1), ovirt-engine-ui-extensions (1.2.4), ovirt-log-collector (4.4.4), ovirt-web-ui (1.6.5), rhv-log-collector-analyzer (1.0.5), rhvm-branding-rhv (4.4.6). (BZ#1866981, BZ#1879377)

Security Fix(es):

* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 (BZ#1613514)
* Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation (BZ#1702016)
* If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. (BZ#1760170)
* Search backend cannot find VMs which name starts with a search keyword (BZ#1797717)
* [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation (BZ#1808320)
* enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times (BZ#1811466)
* NumaPinningHelper is not huge pages aware, denies migration to suitable host (BZ#1812316)
* Adding quota to group doesn't propagate to users (BZ#1822372)
* Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template (BZ#1829691)
* Live Migration Bandwidth unit is different from Engine configuration (Mbps) and VDSM (MBps) (BZ#1845397)
* RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase (BZ#1854888)
* Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address (BZ#1855305)
* rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)
* RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run (BZ#1866862)
* Issue with dashboards creation when sending metrics to external Elasticsearch (BZ#1870133)
* HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)
* [CNV&RHV] Notification about VM creation contain <UNKNOWN> string (BZ#1873136)
* VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart (BZ#1877632)
* Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation (BZ#1879280)
* unable to create/add index pattern in step 5 from kcs articles#4921101 (BZ#1881634)
* [CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs (BZ#1883844)
* Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)
* [CNV&RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)
* Require ansible-2.9.14 in ovirt-engine (BZ#1888626)

Enhancement(s):

* [RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)
* [RFE] - enable renaming HostedEngine VM name (BZ#1657294)
* [RFE] Enabling Icelake new NIs - RHV (BZ#1745024)
* [RFE] Show vCPUs and allocated memory in virtual machines summary (BZ#1752751)
* [RFE] RHV-M Deployment/Install Needs it's own UUID (BZ#1825020)
* [RFE] Destination Host in migrate VM dialog has to be searchable and sortable (BZ#1851865)
* [RFE] Expose the "reinstallation required" flag of the hosts in the API (BZ#1856671)
Affected Software | Affected Version | Fixed Version (upgrade to) |
---|---|---|
redhat/engine-db-query | <1.6.2-1.el8e | 1.6.2-1.el8e |
redhat/ovirt-engine | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-dwh | <4.4.3.1-1.el8e | 4.4.3.1-1.el8e |
redhat/ovirt-engine-extension-aaa-ldap | <1.4.2-1.el8e | 1.4.2-1.el8e |
redhat/ovirt-engine-extension-logger-log4j | <1.1.1-1.el8e | 1.1.1-1.el8e |
redhat/ovirt-engine-metrics | <1.4.2.1-1.el8e | 1.4.2.1-1.el8e |
redhat/ovirt-engine-ui-extensions | <1.2.4-1.el8e | 1.2.4-1.el8e |
redhat/ovirt-log-collector | <4.4.4-1.el8e | 4.4.4-1.el8e |
redhat/ovirt-web-ui | <1.6.5-1.el8e | 1.6.5-1.el8e |
redhat/rhv-log-collector-analyzer | <1.0.5-1.el8e | 1.0.5-1.el8e |
redhat/rhvm-branding-rhv | <4.4.6-1.el8e | 4.4.6-1.el8e |
redhat/ovirt-engine-backend | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-dbscripts | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-dwh-grafana-integration-setup | <4.4.3.1-1.el8e | 4.4.3.1-1.el8e |
redhat/ovirt-engine-dwh-setup | <4.4.3.1-1.el8e | 4.4.3.1-1.el8e |
redhat/ovirt-engine-extension-aaa-ldap-setup | <1.4.2-1.el8e | 1.4.2-1.el8e |
redhat/ovirt-engine-health-check-bundler | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-restapi | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-base | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-plugin-cinderlib | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-plugin-imageio | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-plugin-ovirt-engine | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-plugin-ovirt-engine-common | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-setup-plugin-websocket-proxy | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-tools | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-tools-backup | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-vmconsole-proxy-helper | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-webadmin-portal | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/ovirt-engine-websocket-proxy | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/python3-ovirt-engine-lib | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
redhat/rhvm | <4.4.3.8-0.1.el8e | 4.4.3.8-0.1.el8e |
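As an added example (not part of the advisory or of the oVirt project): a small Python check that decides whether installed version-release strings are older than the fixed builds in the table above. It ports rpm's version-comparison rules (tilde handled, caret omitted) so that multi-digit segments and pre-release tildes sort the way rpm sorts them; the `FIXED` subset, the constructed `SAMPLE` values and the function names are the example's own.

```python
# Added example, not part of the advisory. rpmvercmp ports rpm's version-segment
# rules (tilde handled, caret omitted); FIXED holds builds from the table above.
def rpmvercmp(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators carry no meaning; only alphanumerics and '~' are compared.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"): i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"): j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:  # tilde sorts before anything, even end of string
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        if i >= len(a) or j >= len(b):
            break
        # Cut one all-digit or all-alpha segment; the left side picks the type.
        isnum = a[i].isdigit()
        kind = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < len(a) and kind(a[i]): i += 1
        while j < len(b) and kind(b[j]): j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:  # types differ: a numeric segment outranks an alpha one
            return 1 if isnum else -1
        if isnum:  # numeric: leading zeros dropped, then the longer one wins
            sa, sb = [(len(s.lstrip("0")), s.lstrip("0")) for s in (sa, sb)]
        if sa != sb:
            return 1 if sa > sb else -1
    return (i < len(a)) - (j < len(b))  # whichever side has leftover wins

def evr_cmp(a, b):
    """Compare 'version-release' strings as rpm orders them (epoch ignored)."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

FIXED = {  # fixed version-release per package, copied from the advisory table
    "engine-db-query": "1.6.2-1.el8e",
    "ovirt-engine": "4.4.3.8-0.1.el8e",
    "ovirt-engine-dwh": "4.4.3.1-1.el8e",
}

def still_affected(installed):
    """Return package names whose installed build is older than the fixed one."""
    return sorted(n for n, vr in installed.items()
                  if n in FIXED and evr_cmp(vr, FIXED[n]) < 0)

# Constructed sample of what `rpm -q --qf '%{VERSION}-%{RELEASE}'` might report.
SAMPLE = {"ovirt-engine": "4.4.2.6-0.1.el8e", "engine-db-query": "1.6.2-1.el8e",
          "ovirt-engine-dwh": "4.4.3.1-0.9.el8e"}
```

Calling `still_affected(SAMPLE)` reports `ovirt-engine` (older version) and `ovirt-engine-dwh` (same version, older release) while leaving the already-patched `engine-db-query` out.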
The affected packages include engine-db-query, ovirt-engine, ovirt-engine-dwh and the other packages listed in the table above; all of them have received updated builds.
To fix RHSA-2020:5179, upgrade the affected packages to the fixed versions listed in the table above, which are the versions the advisory recommends.
The severity of RHSA-2020:5179 is listed here as critical; the actual risk to a deployment depends on the specific context of your environment and usage.
Leaving RHSA-2020:5179 unaddressed keeps the affected packages exposed to the vulnerabilities listed above (arbitrary JavaScript execution, denial of service and prototype pollution), and therefore to potential security breaches.
The recommended versions to upgrade to are engine-db-query 1.6.2-1.el8e and ovirt-engine 4.4.3.8-0.1.el8e, with the remaining packages listed in the table.