Issued:
2021-11-16
Updated:
2021-11-16

RHSA-2021:4703 - Important: RHV Engine and Host Common Packages security update [ovirt-4.4.9]

Synopsis

Important: RHV Engine and Host Common Packages security update [ovirt-4.4.9]

Type/Severity

Security Advisory Important

Topic

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The ovirt.ovirt package (previously ovirt-ansible-collection) manages all oVirt Ansible modules.

The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

otopi is a standalone, plug-in based installation framework to be used to set up system components. The plug-in nature provides simplicity to add new installation functionality without the complexity of the state and transaction management.

Security Fix(es):

  • Ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • A playbook executed by Ansible Engine 2.9.25 inside a virtual machine running on Red Hat Virtualization 4.4.9 correctly detects that this is a virtual machine running on Red Hat Virtualization by using Ansible facts. (BZ#1904085)

  • Red Hat Virtualization now supports Ansible-2.9.27 for internal usage. (BZ#2003671)

  • Previously, upgrading from Red Hat Virtualization 4.3 failed when using an isolated network during IPv6 deployment. In this release, a forward network is used instead of an isolated network during an IPv6 deployment. As a result, upgrade from Red Hat Virtualization 4.3 using IPv6 now succeeds. (BZ#1947709)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

ProductVersionArch
Red Hat Virtualization4x86_64
Red Hat Virtualization for IBM Power LE4ppc64le
Red Hat Virtualization Manager4.4x86_64
Red Hat Enterprise Linux for x86_648x86_64
Red Hat Enterprise Linux for Power, little endian8ppc64le

Updated Packages

  • ovirt-imageio-client-2.3.0-1.el8ev.ppc64le.rpm
  • otopi-1.9.6-2.el8ev.src.rpm
  • ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.ppc64le.rpm
  • ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.x86_64.rpm
  • python3-otopi-1.9.6-2.el8ev.noarch.rpm
  • otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm
  • ovirt-imageio-daemon-2.3.0-1.el8ev.x86_64.rpm
  • ansible-2.9.27-1.el8ae.src.rpm
  • ovirt-imageio-2.3.0-1.el8ev.src.rpm
  • ovirt-imageio-common-2.3.0-1.el8ev.x86_64.rpm
  • ovirt-imageio-debugsource-2.3.0-1.el8ev.x86_64.rpm
  • ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm
  • ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm
  • ovirt-imageio-common-2.3.0-1.el8ev.ppc64le.rpm
  • otopi-common-1.9.6-2.el8ev.noarch.rpm
  • ansible-2.9.27-1.el8ae.noarch.rpm
  • ovirt-imageio-daemon-2.3.0-1.el8ev.ppc64le.rpm
  • ovirt-imageio-debugsource-2.3.0-1.el8ev.ppc64le.rpm
  • ovirt-imageio-client-2.3.0-1.el8ev.x86_64.rpm

Fixes

CVEs

References

Additional information