(RHSA-2023:0074) Important: RHV 4.4 SP1 [ovirt-4.5.3-3] security update

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security fix(es):

• mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

• isomorphic-git: Directory traversal via a crafted repository (CVE-2021-30483)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• With this release, SELinux rules for the Grafana HTTP port are now properly set up for new remote DWH installations as part of the Red Hat Virtualization Manager engine-setup. (BZ#2126778)

• Previously, search conditions were not applied properly when a non-admin user tried to search for Clusters or Data Centers over the REST API. In this release, both admin and non-admin users can search for clusters properly using the REST API. (BZ#2144346)

• Previously, stale bitmaps in the base image during a cold or live internal merge caused the operation to fail. In this release, the merge operation succeeds. (BZ#2141371)