Issued:
2021-02-02
Updated:
2021-02-02

RHSA-2021:0381 - Low: RHV-Movirt-engine - 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]

Synopsis

Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]

Type/Severity

Security Advisory Low

Topic

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).

Security Fix(es):

  • jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Red Hat Virtualization Manager now requires Ansible 2.9.15. (BZ#1901946)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

ProductVersionArch
Red Hat Virtualization Manager4.4x86_64

Updated Packages

  • ovirt-engine-dwh-grafana-integration-setup-4.4.4.2-1.el8ev.noarch.rpm
  • ovirt-engine-restapi-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-setup-base-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-setup-plugin-imageio-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-tools-4.4.4.5-0.10.el8ev.noarch.rpm
  • python3-ovirt-engine-lib-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-health-check-bundler-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-setup-plugin-websocket-proxy-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-websocket-proxy-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-setup-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-dwh-4.4.4.2-1.el8ev.src.rpm
  • ovirt-engine-webadmin-portal-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-web-ui-1.6.6-1.el8ev.src.rpm
  • ovirt-engine-tools-backup-4.4.4.5-0.10.el8ev.noarch.rpm
  • vdsm-jsonrpc-java-1.6.0-1.el8ev.src.rpm
  • ovirt-engine-setup-plugin-cinderlib-4.4.4.5-0.10.el8ev.noarch.rpm
  • rhv-log-collector-analyzer-1.0.6-1.el8ev.noarch.rpm
  • ovirt-engine-backend-4.4.4.5-0.10.el8ev.noarch.rpm
  • vdsm-jsonrpc-java-1.6.0-1.el8ev.noarch.rpm
  • rhv-log-collector-analyzer-1.0.6-1.el8ev.src.rpm
  • ovirt-engine-setup-plugin-ovirt-engine-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-web-ui-1.6.6-1.el8ev.noarch.rpm
  • rhvm-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-vmconsole-proxy-helper-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-dwh-setup-4.4.4.2-1.el8ev.noarch.rpm
  • ovirt-engine-4.4.4.5-0.10.el8ev.src.rpm
  • rhvm-branding-rhv-4.4.7-1.el8ev.src.rpm
  • ovirt-engine-4.4.4.5-0.10.el8ev.noarch.rpm
  • rhvm-branding-rhv-4.4.7-1.el8ev.noarch.rpm
  • ovirt-engine-dbscripts-4.4.4.5-0.10.el8ev.noarch.rpm
  • ovirt-engine-dwh-4.4.4.2-1.el8ev.noarch.rpm
  • ovirt-engine-setup-plugin-ovirt-engine-common-4.4.4.5-0.10.el8ev.noarch.rpm

Fixes

CVEs

References

Additional information