Lucene search

HistoryJul 14, 2022 - 12:11 p.m.

(RHSA-2022:5555) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update


0.025 Low




The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

  • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  • apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)

  • apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)

  • apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)

  • apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)

  • nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  • spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

  • semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book: