What is the severity of RHSA-2021:1186?

The severity of RHSA-2021:1186 is classified as important.

How do I fix RHSA-2021:1186?

To fix RHSA-2021:1186, update the ovirt-engine package and its associated components to version 4.4.5.11-0.1.el8e.

What affects RHSA-2021:1186?

RHSA-2021:1186 affects packages including ovirt-engine, ovirt-engine-ui-extensions, and ovirt-web-ui among others.

What are the consequences of not addressing RHSA-2021:1186?

Not addressing RHSA-2021:1186 could expose your system to potential security vulnerabilities related to the ovirt-engine.

When was RHSA-2021:1186 released?

RHSA-2021:1186 was released on April 21, 2021.

Vulnerability/
RHSA-2021:1186

CWE

14/4/2021

15/8/2024

RHSA-2021:1186: Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance

First published: Wed Apr 14 2021(Updated: )

The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Bug Fix(es): <li> Previously, saving user preferences in the Red Hat Virtualization Manager required the MANIPULATE_USERS permission level. As a result, user preferences were not saved on the server.</li> In this release, the required permission level for saving user preferences was changed to EDIT_PROFILE, which is the permission level assigned by default to all users. As a result, saving user preferences works as expected. (BZ#1920539) A list of bugs fixed in this update is available in the Technical Notes book: <a href="https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes</a> Security Fix(es): <li> nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS (CVE-2019-20921)</li> <li> datatables.net: prototype pollution if 'constructor' were used in a data property name (CVE-2020-28458)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/ovirt-engine	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-ui-extensions	<1.2.5-1.el8e	1.2.5-1.el8e
redhat/ovirt-web-ui	<1.6.8-1.el8e	1.6.8-1.el8e
redhat/ovirt-engine-backend	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-dbscripts	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-health-check-bundler	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-restapi	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-base	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-plugin-cinderlib	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-plugin-imageio	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-plugin-ovirt-engine	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-plugin-ovirt-engine-common	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-setup-plugin-websocket-proxy	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-tools	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-tools-backup	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-vmconsole-proxy-helper	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-webadmin-portal	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/ovirt-engine-websocket-proxy	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/python3-ovirt-engine-lib	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e
redhat/rhvm	<4.4.5.11-0.1.el8e	4.4.5.11-0.1.el8e

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2021:1186 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2021:1186?
The severity of RHSA-2021:1186 is classified as important.
How do I fix RHSA-2021:1186?
To fix RHSA-2021:1186, update the ovirt-engine package and its associated components to version 4.4.5.11-0.1.el8e.
What affects RHSA-2021:1186?
RHSA-2021:1186 affects packages including ovirt-engine, ovirt-engine-ui-extensions, and ovirt-web-ui among others.
What are the consequences of not addressing RHSA-2021:1186?
Not addressing RHSA-2021:1186 could expose your system to potential security vulnerabilities related to the ovirt-engine.
When was RHSA-2021:1186 released?
RHSA-2021:1186 was released on April 21, 2021.

agent/severity
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/title
agent/weakness
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:1186
agent/software-canonical-lookup
agent/references
agent/tags
agent/event
agent/source
package-manager/redhat