
(RHSA-2020:3247) Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).

A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Security Fix(es):

* apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)
* libquartz: XXE attacks via job description (CVE-2019-13990)
* novnc: XSS vulnerability via the messages propagated to the status field (CVE-2017-18635)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)
* ovirt-engine: response_type parameter allows reflected XSS (CVE-2019-19336)
* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)
* ovirt-engine: Redirect to arbitrary URL allows for phishing (CVE-2020-10775)
* Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.


Affected Package


OS OS Version Package Name Package Version
RedHat 8 python3-aniso8601 0.82-4.el8ost
RedHat 8 unboundid-ldapsdk 4.0.14-1.el8ev
RedHat 8 rhv-log-collector-analyzer 1.0.2-1.el8ev
RedHat 8 ovirt-engine-extension-aaa-ldap-setup 1.4.0-1.el8ev
RedHat 8 vdsm-jsonrpc-java 1.5.4-1.el8ev
RedHat 8 ovirt-engine-dwh-grafana-integration-setup 4.4.1.2-1.el8ev
RedHat 8 apache-commons-collections4 4.4-1.el8ev
RedHat 8 rhvm-dependencies 4.4.0-1.el8ev
RedHat 8 rhv-log-collector-analyzer 1.0.2-1.el8ev
RedHat 8 ovirt-cockpit-sso 0.1.4-1.el8ev
RedHat 8 ovirt-engine 4.4.1.8-0.7.el8ev
RedHat 8 apache-commons-jexl 2.1.1-1.el8ev
RedHat 8 openstack-java-cinder-client 3.2.9-1.el8ev
RedHat 8 openstack-java-nova-model 3.2.9-1.el8ev
RedHat 8 apache-commons-jxpath 1.3-29.el8ev
RedHat 8 python-notario 0.0.16-2.el8cp
RedHat 8 java-client-kubevirt 0.5.0-1.el8ev
RedHat 8 python3-six 1.12.0-1.el8ost
RedHat 8 apache-commons-jexl-javadoc 2.1.1-1.el8ev
RedHat 8 ovirt-engine-metrics 1.4.1.1-1.el8ev
RedHat 8 python-flask 1.0.2-2.el8ost
RedHat 8 novnc 1.1.0-1.el8ost
RedHat 8 rhvm-setup-plugins 4.4.2-1.el8ev
RedHat 8 python-websocket-client 0.54.0-1.el8ost
RedHat 8 python3-websocket-client 0.54.0-1.el8ost
RedHat 8 python-werkzeug 0.16.0-1.el8ost
RedHat 8 snmp4j-javadoc 2.4.1-1.el8ev
RedHat 8 ovirt-engine 4.4.1.8-0.7.el8ev
RedHat 8 apache-commons-compress 1.18-1.el8ev
RedHat 8 python-netaddr 0.7.19-8.1.el8ost
RedHat 8 xmlrpc-common 3.1.3-1.el8ev
RedHat 8 apache-commons-vfs 2.4.1-1.el8ev
RedHat 8 ws-commons-util-javadoc 1.0.2-1.el8ev
RedHat 8 python-aniso8601 0.82-4.el8ost
RedHat 8 ws-commons-util 1.0.2-1.el8ev
RedHat 8 ovirt-engine-ui-extensions 1.2.2-1.el8ev
RedHat 8 ed25519-java 0.3.0-1.el8ev
RedHat 8 python3-ovsdbapp 0.17.1-0.20191216120142.206cf14.el8ost
RedHat 8 m2crypto-debugsource 0.35.2-5.el8ev
RedHat 8 ovirt-engine-extension-aaa-jdbc 1.2.0-1.el8ev
RedHat 8 python-six 1.12.0-1.el8ost
RedHat 8 ovirt-web-ui 1.6.3-1.el8ev
RedHat 8 apache-commons-compress-javadoc 1.18-1.el8ev
RedHat 8 openstack-java-heat-model 3.2.9-1.el8ev
RedHat 8 ovirt-engine-setup-base 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-web-ui 1.6.3-1.el8ev
RedHat 8 ovirt-engine-extension-aaa-misc 1.1.0-1.el8ev
RedHat 8 openstack-java-swift-client 3.2.9-1.el8ev
RedHat 8 python3-pbr 5.1.2-2.el8ost
RedHat 8 engine-db-query 1.6.1-1.el8ev
RedHat 8 ovirt-engine-setup 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-engine-setup-plugin-vmconsole-proxy-helper 4.4.1.8-0.7.el8ev
RedHat 8 log4j12 1.2.17-22.el8ev
RedHat 8 apache-commons-configuration 1.10-1.el8ev
RedHat 8 xmlrpc-javadoc 3.1.3-1.el8ev
RedHat 8 rhvm-branding-rhv 4.4.4-1.el8ev
RedHat 8 ws-commons-util 1.0.2-1.el8ev
RedHat 8 ovirt-fast-forward-upgrade 1.1.6-0.el8ev
RedHat 8 apache-sshd 2.5.1-1.el8ev
RedHat 8 ansible-runner 1.4.5-1.el8ar
RedHat 8 apache-commons-configuration 1.10-1.el8ev
RedHat 8 apache-commons-collections4-javadoc 4.4-1.el8ev
RedHat 8 ansible-runner-service 1.0.2-1.el8ev
RedHat 8 python-ovsdbapp 0.17.1-0.20191216120142.206cf14.el8ost
RedHat 8 ovirt-engine-extension-logger-log4j 1.1.0-1.el8ev
RedHat 8 ovirt-engine-setup-plugin-ovirt-engine-common 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-engine-websocket-proxy 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-scheduler-proxy 0.1.9-1.el8ev
RedHat 8 rhvm-dependencies 4.4.0-1.el8ev
RedHat 8 ovirt-engine-extensions-api-javadoc 1.0.1-1.el8ev
RedHat 8 openstack-java-quantum-model 3.2.9-1.el8ev
RedHat 8 ovirt-engine-health-check-bundler 4.4.1.8-0.7.el8ev
RedHat 8 apache-commons-collections4 4.4-1.el8ev
RedHat 8 ovirt-engine-extension-aaa-jdbc 1.2.0-1.el8ev
RedHat 8 openstack-java-ceilometer-model 3.2.9-1.el8ev
RedHat 8 ovirt-cockpit-sso 0.1.4-1.el8ev
RedHat 8 openstack-java-cinder-model 3.2.9-1.el8ev
RedHat 8 java-client-kubevirt 0.5.0-1.el8ev
RedHat 8 log4j12 1.2.17-22.el8ev
RedHat 8 openstack-java-nova-client 3.2.9-1.el8ev
RedHat 8 ovirt-engine-dbscripts 4.4.1.8-0.7.el8ev
RedHat 8 apache-commons-vfs 2.4.1-1.el8ev
RedHat 8 openstack-java-heat-client 3.2.9-1.el8ev
RedHat 8 makeself 2.4.0-4.el8ev
RedHat 8 python2-netaddr 0.7.19-8.1.el8ost
RedHat 8 ovirt-engine-restapi 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-engine-extension-aaa-misc 1.1.0-1.el8ev
RedHat 8 python-pbr 5.1.2-2.el8ost
RedHat 8 rhvm-branding-rhv 4.4.4-1.el8ev
RedHat 8 ovirt-engine-ui-extensions 1.2.2-1.el8ev
RedHat 8 python3-werkzeug-doc 0.16.0-1.el8ost
RedHat 8 ovirt-engine-webadmin-portal 4.4.1.8-0.7.el8ev
RedHat 8 unboundid-ldapsdk-javadoc 4.0.14-1.el8ev
RedHat 8 snmp4j 2.4.1-1.el8ev
RedHat 8 ovirt-engine-api-explorer 0.0.6-1.el8ev
RedHat 8 apache-commons-compress 1.18-1.el8ev
RedHat 8 ovirt-engine-extension-aaa-ldap 1.4.0-1.el8ev
RedHat 8 unboundid-ldapsdk 4.0.14-1.el8ev
RedHat 8 apache-sshd-javadoc 2.5.1-1.el8ev
RedHat 8 apache-commons-jexl 2.1.1-1.el8ev
RedHat 8 ovirt-engine-setup-plugin-websocket-proxy 4.4.1.8-0.7.el8ev
RedHat 8 xmlrpc 3.1.3-1.el8ev
RedHat 8 ovirt-engine-dwh-setup 4.4.1.2-1.el8ev
RedHat 8 ovirt-engine-tools 4.4.1.8-0.7.el8ev
RedHat 8 snmp4j 2.4.1-1.el8ev
RedHat 8 rhvm-setup-plugins 4.4.2-1.el8ev
RedHat 8 python3-m2crypto-debuginfo 0.35.2-5.el8ev
RedHat 8 ed25519-java-javadoc 0.3.0-1.el8ev
RedHat 8 ansible-runner-service 1.0.2-1.el8ev
RedHat 8 ovirt-engine-tools-backup 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-engine-extensions-api 1.0.1-1.el8ev
RedHat 8 python3-m2crypto 0.35.2-5.el8ev
RedHat 8 novnc 1.1.0-1.el8ost
RedHat 8 ansible-runner 1.4.5-1.el8ar
RedHat 8 openstack-java-glance-client 3.2.9-1.el8ev
RedHat 8 ovirt-engine-dwh 4.4.1.2-1.el8ev
RedHat 8 ovirt-engine-extension-logger-log4j 1.1.0-1.el8ev
RedHat 8 apache-commons-vfs-examples 2.4.1-1.el8ev
RedHat 8 apache-commons-vfs-ant 2.4.1-1.el8ev
RedHat 8 ovirt-engine-extensions-api 1.0.1-1.el8ev
RedHat 8 ovirt-fast-forward-upgrade 1.1.6-0.el8ev
RedHat 8 ovirt-engine-backend 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-engine-setup-plugin-cinderlib 4.4.1.8-0.7.el8ev
RedHat 8 xmlrpc-server 3.1.3-1.el8ev
RedHat 8 rhvm 4.4.1.8-0.7.el8ev
RedHat 8 ovirt-scheduler-proxy 0.1.9-1.el8ev
RedHat 8 ovirt-engine-vmconsole-proxy-helper 4.4.1.8-0.7.el8ev
RedHat 8 python3-netaddr 0.7.19-8.1.el8ost
RedHat 8 python3-ovirt-engine-lib 4.4.1.8-0.7.el8ev
RedHat 8 ed25519-java 0.3.0-1.el8ev
RedHat 8 xmlrpc-client 3.1.3-1.el8ev
RedHat 8 python-flask-restful 0.3.6-8.el8ost
RedHat 8 openstack-java-glance-model 3.2.9-1.el8ev
RedHat 8 openstack-java-keystone-client 3.2.9-1.el8ev
RedHat 8 ovirt-log-collector 4.4.2-1.el8ev
RedHat 8 python2-pbr 5.1.2-2.el8ost
RedHat 8 openstack-java-client 3.2.9-1.el8ev
RedHat 8 openstack-java-sdk 3.2.9-1.el8ev
RedHat 8 engine-db-query 1.6.1-1.el8ev
RedHat 8 openstack-java-resteasy-connector 3.2.9-1.el8ev
RedHat 8 python3-werkzeug 0.16.0-1.el8ost
RedHat 8 apache-commons-jxpath 1.3-29.el8ev
RedHat 8 ovirt-log-collector 4.4.2-1.el8ev
RedHat 8 apache-commons-vfs-javadoc 2.4.1-1.el8ev
RedHat 8 m2crypto 0.35.2-5.el8ev
RedHat 8 python3-ansible-runner 1.4.5-1.el8ar
RedHat 8 openstack-java-swift-model 3.2.9-1.el8ev
RedHat 8 makeself 2.4.0-4.el8ev
RedHat 8 apache-sshd 2.5.1-1.el8ev
RedHat 8 ebay-cors-filter 1.0.1-4.el8ev
RedHat 8 python3-flask 1.0.2-2.el8ost
RedHat 8 openstack-java-quantum-client 3.2.9-1.el8ev
RedHat 8 ebay-cors-filter 1.0.1-4.el8ev
RedHat 8 openstack-java-keystone-model 3.2.9-1.el8ev
RedHat 8 python2-six 1.12.0-1.el8ost
RedHat 8 vdsm-jsonrpc-java 1.5.4-1.el8ev
RedHat 8 python3-notario 0.0.16-2.el8cp
RedHat 8 log4j12-javadoc 1.2.17-22.el8ev
RedHat 8 ovirt-engine-extension-aaa-ldap 1.4.0-1.el8ev
RedHat 8 ovirt-engine-setup-plugin-imageio 4.4.1.8-0.7.el8ev
RedHat 8 python-flask-doc 1.0.2-2.el8ost
RedHat 8 python3-flask-restful 0.3.6-8.el8ost
RedHat 8 openstack-java-ceilometer-client 3.2.9-1.el8ev
RedHat 8 ovirt-engine-metrics 1.4.1.1-1.el8ev
RedHat 8 openstack-java-javadoc 3.2.9-1.el8ev
RedHat 8 ovirt-engine-dwh 4.4.1.2-1.el8ev
RedHat 8 apache-commons-jxpath-javadoc 1.3-29.el8ev
RedHat 8 ovirt-engine-api-explorer 0.0.6-1.el8ev
RedHat 8 ovirt-engine-setup-plugin-ovirt-engine 4.4.1.8-0.7.el8ev