Red Hat: RHSA-2018:2071
Jun 27, 2018 - 9:35 a.m.

(RHSA-2018:2071) Moderate: Red Hat Virtualization Manager security, bug fix, and enhancement update

2018-06-27 09:35:36
access.redhat.com
CVSS2: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

EPSS: 0.002 (Percentile: 64.7%)

The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).

The following packages have been upgraded to a later version:

  • org.ovirt.engine-root (4.2.4.5). (BZ#1576752)

Security Fix(es):

  • ovirt-engine: Unfiltered password when choosing manual db provisioning (CVE-2018-1075)

  • ovirt-engine-setup: unfiltered db password in engine-backup log (CVE-2018-1072)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

These issues were discovered by Yedidyah Bar David (Red Hat).

Bug Fix(es):

  • This update enables engine-setup to upgrade PostgreSQL 9.2 to 9.5, even when the locale of the 9.2 database is different from the system locale. (BZ#1579268)

  • This update fixes an inefficient query that is generated when users click on the ‘Users’ tab in the Administration Portal. The fix ensures that the tab loads more quickly. (BZ#1583619)

Enhancement(s):

  • The storage domain’s General sub-tab in the Administration Portal now shows the number of images on the storage domain under the rubric “Images”. This corresponds to the number of LVs on a block domain. (BZ#1587885)
