First published: Wed Apr 14 2021(Updated: )
The ovirt-engine package provides the manager for virtualization environments.<br>This manager enables admins to define hosts and networks, as well as to add<br>storage, create VMs and manage user permissions.<br>Bug Fix(es):<br><li> Previously, saving user preferences in the Red Hat Virtualization Manager required the MANIPULATE_USERS permission level. As a result, user preferences were not saved on the server.</li> In this release, the required permission level for saving user preferences was changed to EDIT_PROFILE, which is the permission level assigned by default to all users. As a result, saving user preferences works as expected. (BZ#1920539)<br>A list of bugs fixed in this update is available in the Technical Notes<br>book:<br><a href="https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes</a> Security Fix(es):<br><li> nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS (CVE-2019-20921)</li> <li> datatables.net: prototype pollution if 'constructor' were used in a data property name (CVE-2020-28458)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ovirt-engine | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-ui-extensions | <1.2.5-1.el8e | 1.2.5-1.el8e |
redhat/ovirt-web-ui | <1.6.8-1.el8e | 1.6.8-1.el8e |
redhat/ovirt-engine-backend | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-dbscripts | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-health-check-bundler | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-restapi | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-base | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-plugin-cinderlib | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-plugin-imageio | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-plugin-ovirt-engine | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-plugin-ovirt-engine-common | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-setup-plugin-websocket-proxy | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-tools | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-tools-backup | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-vmconsole-proxy-helper | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-webadmin-portal | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/ovirt-engine-websocket-proxy | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/python3-ovirt-engine-lib | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
redhat/rhvm | <4.4.5.11-0.1.el8e | 4.4.5.11-0.1.el8e |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.