RHSA-2021:1169: Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement
First published: Wed Apr 14 2021(Updated: )
The ovirt-engine package provides the manager for virtualization environments.<br>This manager enables admins to define hosts and networks, as well as to add<br>storage, create VMs and manage user permissions.<br>A list of bugs fixed in this update is available in the Technical Notes<br>book:<br><a href="https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes</a> Security Fix(es):<br><li> nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS (CVE-2019-20921)</li> <li> m2crypto: bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)</li> <li> datatables.net: prototype pollution if 'constructor' were used in a data property name (CVE-2020-28458)</li> <li> nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2020-28477)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ansible-runner | <1.4.6-2.el8a | 1.4.6-2.el8a |
| redhat/ansible-runner-service | <1.0.7-1.el8e | 1.0.7-1.el8e |
| redhat/apache-sshd | <2.6.0-1.el8e | 2.6.0-1.el8e |
| redhat/ovirt-engine | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-dwh | <4.4.5.5-1.el8e | 4.4.5.5-1.el8e |
| redhat/ovirt-web-ui | <1.6.7-1.el8e | 1.6.7-1.el8e |
| redhat/apache-sshd-javadoc | <2.6.0-1.el8e | 2.6.0-1.el8e |
| redhat/ovirt-engine-backend | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-dbscripts | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-dwh-grafana-integration-setup | <4.4.5.5-1.el8e | 4.4.5.5-1.el8e |
| redhat/ovirt-engine-dwh-setup | <4.4.5.5-1.el8e | 4.4.5.5-1.el8e |
| redhat/ovirt-engine-health-check-bundler | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-restapi | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-base | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-plugin-cinderlib | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-plugin-imageio | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-plugin-ovirt-engine | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-plugin-ovirt-engine-common | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-setup-plugin-websocket-proxy | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-tools | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-tools-backup | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-vmconsole-proxy-helper | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-webadmin-portal | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/ovirt-engine-websocket-proxy | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/python3-ansible-runner | <1.4.6-2.el8a | 1.4.6-2.el8a |
| redhat/python3-ovirt-engine-lib | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
| redhat/rhvm | <4.4.5.9-0.1.el8e | 4.4.5.9-0.1.el8e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1145658
- https://bugzilla.redhat.com/show_bug.cgi?id=1155275
- https://bugzilla.redhat.com/show_bug.cgi?id=1649479
- https://bugzilla.redhat.com/show_bug.cgi?id=1666786
- https://bugzilla.redhat.com/show_bug.cgi?id=1688186
- https://bugzilla.redhat.com/show_bug.cgi?id=1729359
- https://bugzilla.redhat.com/show_bug.cgi?id=1787235
- https://bugzilla.redhat.com/show_bug.cgi?id=1802844
- https://bugzilla.redhat.com/show_bug.cgi?id=1837221
- https://bugzilla.redhat.com/show_bug.cgi?id=1843882
- https://bugzilla.redhat.com/show_bug.cgi?id=1858420
- https://bugzilla.redhat.com/show_bug.cgi?id=1882273
- https://bugzilla.redhat.com/show_bug.cgi?id=1884233
- https://bugzilla.redhat.com/show_bug.cgi?id=1889823
- https://bugzilla.redhat.com/show_bug.cgi?id=1895217
- https://bugzilla.redhat.com/show_bug.cgi?id=1901503
- https://bugzilla.redhat.com/show_bug.cgi?id=1901752
- https://bugzilla.redhat.com/show_bug.cgi?id=1905108
- https://bugzilla.redhat.com/show_bug.cgi?id=1905158
- https://bugzilla.redhat.com/show_bug.cgi?id=1908441
- https://bugzilla.redhat.com/show_bug.cgi?id=1910302
- https://bugzilla.redhat.com/show_bug.cgi?id=1913198
- https://bugzilla.redhat.com/show_bug.cgi?id=1914602
- https://bugzilla.redhat.com/show_bug.cgi?id=1918162
- https://bugzilla.redhat.com/show_bug.cgi?id=1919555
- https://bugzilla.redhat.com/show_bug.cgi?id=1921104
- https://bugzilla.redhat.com/show_bug.cgi?id=1921119
- https://bugzilla.redhat.com/show_bug.cgi?id=1922200
- https://bugzilla.redhat.com/show_bug.cgi?id=1924012
- https://bugzilla.redhat.com/show_bug.cgi?id=1926854
- https://bugzilla.redhat.com/show_bug.cgi?id=1927851
- https://bugzilla.redhat.com/show_bug.cgi?id=1931514
- https://bugzilla.redhat.com/show_bug.cgi?id=1931786
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
- https://access.redhat.com/errata/RHSA-2021:1169 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2021:1169
- agent/software-canonical-lookup
- package-manager/redhat