Issued:

2022-05-26

Updated:

2022-05-26

RHSA-2022:4711 - Moderate: RHV Manager ovirt-engine - [ovirt-4.5.0] security update

Synopsis

Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update

Type/Severity

Security Advisory Moderate

Topic

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

• nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

• nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)

• normalize-url: ReDoS for data URLs (CVE-2021-33502)

• jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)

• jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)

• jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Updated Packages

• ovirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm
• rhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm
• ovirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-dependencies-4.5.1-1.el8ev.noarch.rpm
• vdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm
• python38-docutils-0.14-12.4.el8ev.noarch.rpm
• engine-db-query-1.6.4-1.el8ev.src.rpm
• ansible-runner-2.1.3-1.el8ev.src.rpm
• ovirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm
• apache-sshd-2.8.0-0.1.el8ev.noarch.rpm
• ovirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-web-ui-1.8.1-2.el8ev.noarch.rpm
• vdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm
• ovirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm
• ovirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm
• engine-db-query-1.6.4-1.el8ev.noarch.rpm
• ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-log-collector-4.4.5-1.el8ev.src.rpm
• ovirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm
• apache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm
• ovirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-web-ui-1.8.1-2.el8ev.src.rpm
• python3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm
• rhvm-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-4.5.0.7-0.9.el8ev.src.rpm
• rhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm
• ovirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm
• ovirt-engine-metrics-1.6.0-1.el8ev.src.rpm
• ovirt-log-collector-4.4.5-1.el8ev.noarch.rpm
• vdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm
• ovirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm
• rhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm
• python38-ansible-runner-2.1.3-1.el8ev.noarch.rpm
• rhvm-branding-rhv-4.4.11-1.el8ev.src.rpm
• rhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm
• ovirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm
• rhvm-setup-plugins-4.5.0-2.el8ev.src.rpm
• apache-sshd-2.8.0-0.1.el8ev.src.rpm
• ovirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm
• ansible-runner-2.1.3-1.el8ev.noarch.rpm
• ovirt-engine-dwh-4.5.2-1.el8ev.src.rpm
• ovirt-dependencies-4.5.1-1.el8ev.src.rpm

Fixes

• This content is not included.BZ - 655153
• This content is not included.BZ - 977778
• This content is not included.BZ - 1624015
• This content is not included.BZ - 1648985
• This content is not included.BZ - 1667517
• This content is not included.BZ - 1687845
• This content is not included.BZ - 1781241
• This content is not included.BZ - 1782056
• This content is not included.BZ - 1849169
• This content is not included.BZ - 1878930
• This content is not included.BZ - 1922977
• This content is not included.BZ - 1926625
• This content is not included.BZ - 1927985
• This content is not included.BZ - 1944290
• This content is not included.BZ - 1944834
• This content is not included.BZ - 1956295
• This content is not included.BZ - 1959186
• This content is not included.BZ - 1964208
• This content is not included.BZ - 1964461
• This content is not included.BZ - 1971622
• This content is not included.BZ - 1974741
• This content is not included.BZ - 1979441
• This content is not included.BZ - 1979797
• This content is not included.BZ - 1980192
• This content is not included.BZ - 1986726
• This content is not included.BZ - 1986834
• This content is not included.BZ - 1987121
• This content is not included.BZ - 1988496
• This content is not included.BZ - 1990462
• This content is not included.BZ - 1991240
• This content is not included.BZ - 1995793
• This content is not included.BZ - 1996123
• This content is not included.BZ - 1998255
• This content is not included.BZ - 1999698
• This content is not included.BZ - 2000031
• This content is not included.BZ - 2002283
• This content is not included.BZ - 2003883
• This content is not included.BZ - 2003996
• This content is not included.BZ - 2006602
• This content is not included.BZ - 2006745
• This content is not included.BZ - 2007384
• This content is not included.BZ - 2007557
• This content is not included.BZ - 2008798
• This content is not included.BZ - 2010203
• This content is not included.BZ - 2010903
• This content is not included.BZ - 2013928
• This content is not included.BZ - 2014888
• This content is not included.BZ - 2015796
• This content is not included.BZ - 2019144
• This content is not included.BZ - 2019148
• This content is not included.BZ - 2019153
• This content is not included.BZ - 2021217
• This content is not included.BZ - 2023250
• This content is not included.BZ - 2023786
• This content is not included.BZ - 2024202
• This content is not included.BZ - 2025936
• This content is not included.BZ - 2030596
• This content is not included.BZ - 2030663
• This content is not included.BZ - 2031027
• This content is not included.BZ - 2035051
• This content is not included.BZ - 2037115
• This content is not included.BZ - 2037121
• This content is not included.BZ - 2040361
• This content is not included.BZ - 2040402
• This content is not included.BZ - 2040474
• This content is not included.BZ - 2041544
• This content is not included.BZ - 2043146
• This content is not included.BZ - 2044273
• This content is not included.BZ - 2048546
• This content is not included.BZ - 2050566
• This content is not included.BZ - 2050614
• This content is not included.BZ - 2051857
• This content is not included.BZ - 2052557
• This content is not included.BZ - 2052690
• This content is not included.BZ - 2054756
• This content is not included.BZ - 2055136
• This content is not included.BZ - 2056021
• This content is not included.BZ - 2056052
• This content is not included.BZ - 2056126
• This content is not included.BZ - 2058264
• This content is not included.BZ - 2059521
• This content is not included.BZ - 2059877
• This content is not included.BZ - 2061904
• This content is not included.BZ - 2065052
• This content is not included.BZ - 2066084
• This content is not included.BZ - 2066283
• This content is not included.BZ - 2069972
• This content is not included.BZ - 2070156
• This content is not included.BZ - 2071468
• This content is not included.BZ - 2072637
• This content is not included.BZ - 2072639
• This content is not included.BZ - 2072641
• This content is not included.BZ - 2072642
• This content is not included.BZ - 2072645
• This content is not included.BZ - 2072646
• This content is not included.BZ - 2075352

CVEs

• CVE-2021-3807
• CVE-2021-23425
• CVE-2021-33502
• CVE-2021-41182
• CVE-2021-41183
• CVE-2021-41184

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.