What is the severity of RHSA-2022:8502?

The severity of RHSA-2022:8502 is classified as important.

How do I fix RHSA-2022:8502?

To fix RHSA-2022:8502, update the affected ovirt-engine and related packages to the specified versions: 4.5.3.2-1.el8e or 4.5.7-1.el8e.

What software is affected by RHSA-2022:8502?

RHSA-2022:8502 affects multiple packages within the Red Hat Virtualization environment, including ovirt-engine, ovirt-engine-dwh, and others.

When was RHSA-2022:8502 published?

RHSA-2022:8502 was published on December 14, 2022.

Is RHSA-2022:8502 a security vulnerability?

Yes, RHSA-2022:8502 addresses a security vulnerability in the ovirt-engine package.

Vulnerability/
RHSA-2022:8502

16/11/2022

20/6/2024

RHSA-2022:8502: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.3] bug fix and security update

First published: Wed Nov 16 2022(Updated: )

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Security Fix(es): <li> follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)</li> <li> ovirt-engine: RHVM admin password is logged unfiltered when using otopi-style (CVE-2022-2805)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): <li> Ghost OVFs are written when using floating SD to migrate VMs between 2 RHV environments. (BZ#1705338)</li> <li> RHV engine is reporting a delete disk with wipe as completing successfully when it actually fails from a timeout. (BZ#1836318)</li> <li> [DR] Failover / Failback HA VM Fails to be started due to 'VM XXX is being imported' (BZ#1968433)</li> <li> Virtual Machine with lease fails to run on DR failover (BZ#1974535)</li> <li> Disk is missing after importing VM from Storage Domain that was detached from another DC. (BZ#1983567)</li> <li> Unable to switch RHV host into maintenance mode as there are image transfer in progress (BZ#2123141)</li> <li> not able to import disk in 4.5.2 (BZ#2134549)</li> Enhancement(s): <li> [RFE] Show last events for user VMs (BZ#1886211)</li>

Affected Software	Affected Version	How to fix
redhat/ovirt-engine	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-dwh	<4.5.7-1.el8e	4.5.7-1.el8e
redhat/ovirt-engine-ui-extensions	<1.3.6-1.el8e	1.3.6-1.el8e
redhat/ovirt-web-ui	<1.9.2-1.el8e	1.9.2-1.el8e
redhat/ovirt-engine-backend	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-dbscripts	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-dwh-grafana-integration-setup	<4.5.7-1.el8e	4.5.7-1.el8e
redhat/ovirt-engine-dwh-setup	<4.5.7-1.el8e	4.5.7-1.el8e
redhat/ovirt-engine-health-check-bundler	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-restapi	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-base	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-plugin-cinderlib	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-plugin-imageio	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-plugin-ovirt-engine	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-plugin-ovirt-engine-common	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-setup-plugin-websocket-proxy	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-tools	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-tools-backup	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-vmconsole-proxy-helper	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-webadmin-portal	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/ovirt-engine-websocket-proxy	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/python3-ovirt-engine-lib	<4.5.3.2-1.el8e	4.5.3.2-1.el8e
redhat/rhvm	<4.5.3.2-1.el8e	4.5.3.2-1.el8e

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2022:8502 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2022:8502?
The severity of RHSA-2022:8502 is classified as important.
How do I fix RHSA-2022:8502?
To fix RHSA-2022:8502, update the affected ovirt-engine and related packages to the specified versions: 4.5.3.2-1.el8e or 4.5.7-1.el8e.
What software is affected by RHSA-2022:8502?
RHSA-2022:8502 affects multiple packages within the Red Hat Virtualization environment, including ovirt-engine, ovirt-engine-dwh, and others.
When was RHSA-2022:8502 published?
RHSA-2022:8502 was published on December 14, 2022.
Is RHSA-2022:8502 a security vulnerability?
Yes, RHSA-2022:8502 addresses a security vulnerability in the ovirt-engine package.

agent/type
agent/severity
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/references
agent/title
agent/tags
agent/description
agent/event
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2022:8502
agent/software-canonical-lookup
package-manager/redhat

RHSA-2022:8502: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.3] bug fix and security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2022:8502?

How do I fix RHSA-2022:8502?

What software is affected by RHSA-2022:8502?

When was RHSA-2022:8502 published?

Is RHSA-2022:8502 a security vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2022:8502?

How do I fix RHSA-2022:8502?

What software is affected by RHSA-2022:8502?

When was RHSA-2022:8502 published?

Is RHSA-2022:8502 a security vulnerability?