RHSA-2022:6392: Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update

First published: Thu Sep 08 2022(Updated: )

The ovirt-host package consolidates host package requirements into a single meta package.<br>Security Fix(es):<br><li> moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> The hosted-engine-ha binaries have been moved from /usr/share to /usr/libexec. As a result, the hosted-engine --clean-metadata command fails. With this release, you must use the new path for the command to succeed: /usr/libexec/ovirt-hosted-engine-ha/ovirt-ha-agent (BZ#2105781)</li> <li> A new warning has been added to the vdsm-tool to protect users from using the unsupported user_friendly_names multipath configuration. The following is an example of the output:</li> $ vdsm-tool is-configured --module multipath<br>WARNING: Invalid configuration: 'user_friendly_names' is enabled in multipath configuration:<br> section1 {<br> key1 value1<br> user_friendly_names yes<br> key2 value2<br> }<br> section2 {<br> user_friendly_names yes<br> }<br>This configuration is not supported and may lead to storage domain corruption. (BZ#1793207)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2022:6392
• agent/software-canonical-lookup
• package-manager/redhat