- Vulnerability/
- RHSA-2021:4703
RHSA-2021:4703: Important: RHV Engine and Host Common Packages security update [ovirt-4.4.9]
First published: Tue Nov 16 2021(Updated: )
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.<br>The ovirt.ovirt package (previously ovirt-ansible-collection) manages all oVirt Ansible modules.<br>The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.<br>otopi is a standalone, plug-in based installation framework to be used to set up system components. The plug-in nature provides simplicity to add new installation functionality without the complexity of the state and transaction management.<br>Security Fix(es):<br><li> Ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> A playbook executed by Ansible Engine 2.9.25 inside a virtual machine running on Red Hat Virtualization 4.4.9 correctly detects that this is a virtual machine running on Red Hat Virtualization by using Ansible facts. (BZ#1904085)</li> <li> Red Hat Virtualization now supports Ansible-2.9.27 for internal usage. (BZ#2003671)</li> <li> Previously, upgrading from Red Hat Virtualization 4.3 failed when using an isolated network during IPv6 deployment. In this release, a forward network is used instead of an isolated network during an IPv6 deployment. As a result, upgrade from Red Hat Virtualization 4.3 using IPv6 now succeeds. (BZ#1947709)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ansible | <2.9.27-1.el8ae | 2.9.27-1.el8ae |
| redhat/otopi | <1.9.6-2.el8e | 1.9.6-2.el8e |
| redhat/ovirt-ansible-collection | <1.6.5-1.el8e | 1.6.5-1.el8e |
| redhat/ovirt-imageio | <2.3.0-1.el8e | 2.3.0-1.el8e |
| redhat/ansible | <2.9.27-1.el8ae | 2.9.27-1.el8ae |
| redhat/otopi-common | <1.9.6-2.el8e | 1.9.6-2.el8e |
| redhat/otopi-debug-plugins | <1.9.6-2.el8e | 1.9.6-2.el8e |
| redhat/ovirt-imageio-client | <2.3.0-1.el8e | 2.3.0-1.el8e |
| redhat/ovirt-imageio-common | <2.3.0-1.el8e | 2.3.0-1.el8e |
| redhat/ovirt-imageio-common-debuginfo | <2.3.0-1.el8e | 2.3.0-1.el8e |
| redhat/ovirt-imageio-daemon | <2.3.0-1.el8e | 2.3.0-1.el8e |
| redhat/ovirt-imageio-debugsource | <2.3.0-1.el8e | 2.3.0-1.el8e |
| redhat/python3-otopi | <1.9.6-2.el8e | 1.9.6-2.el8e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1947709
- https://bugzilla.redhat.com/show_bug.cgi?id=1975767
- https://bugzilla.redhat.com/show_bug.cgi?id=2003671
- https://bugzilla.redhat.com/show_bug.cgi?id=2010670
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2021:4703 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2021:4703
- agent/software-canonical-lookup
- package-manager/redhat