Issued:

2023-01-11

Updated:

2023-01-11

RHSA-2023:0074 - Important: RHV 4.4 SP1 [ovirt-4.5.3-3] security update

Synopsis

Important: RHV 4.4 SP1 [ovirt-4.5.3-3] security update

Type/Severity

Security Advisory Important

Topic

Updated RHV packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security fix(es):

• mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

• isomorphic-git: Directory traversal via a crafted repository (CVE-2021-30483)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• With this release, SELinux rules for the Grafana HTTP port are now properly set up for new remote DWH installations as part of the Red Hat Virtualization Manager engine-setup. (BZ#2126778)

• Previously, search conditions were not applied properly when a non-admin user tried to search for Clusters or Data Centers over the REST API. In this release, both admin and non-admin users can search for clusters properly using the REST API. (BZ#2144346)

• Previously, stale bitmaps in the base image during a cold or live internal merge caused the operation to fail. In this release, the merge operation succeeds. (BZ#2141371)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Updated Packages

• ovirt-engine-health-check-bundler-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-vmconsole-proxy-helper-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-hook-checkips-4.50.3.6-1.el8ev.x86_64.rpm
• rhvm-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-web-ui-1.9.3-1.el8ev.src.rpm
• ovirt-engine-restapi-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-ui-extensions-1.3.7-1.el8ev.src.rpm
• ovirt-engine-websocket-proxy-4.5.3.5-1.el8ev.noarch.rpm
• rhv-log-collector-analyzer-1.0.16-1.el8ev.src.rpm
• vdsm-python-4.50.3.6-1.el8ev.noarch.rpm
• ovirt-engine-tools-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-setup-base-4.5.3.5-1.el8ev.noarch.rpm
• apache-sshd-2.9.2-0.1.el8ev.src.rpm
• vdsm-hook-nestedvt-4.50.3.6-1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-web-ui-1.9.3-1.el8ev.noarch.rpm
• vdsm-jsonrpc-4.50.3.6-1.el8ev.noarch.rpm
• apache-sshd-javadoc-2.9.2-0.1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-ovirt-engine-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-4.5.3.5-1.el8ev.src.rpm
• vdsm-api-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-4.50.3.6-1.el8ev.ppc64le.rpm
• vdsm-client-4.50.3.6-1.el8ev.noarch.rpm
• ovirt-engine-webadmin-portal-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-backend-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-hook-ethtool-options-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-hook-fcoe-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-hook-localdisk-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-hook-vhostmd-4.50.3.6-1.el8ev.noarch.rpm
• ovirt-engine-tools-backup-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-common-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-4.50.3.6-1.el8ev.x86_64.rpm
• ovirt-engine-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-websocket-proxy-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-hook-checkips-4.50.3.6-1.el8ev.ppc64le.rpm
• vdsm-hook-openstacknet-4.50.3.6-1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-imageio-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-network-4.50.3.6-1.el8ev.x86_64.rpm
• vdsm-yajsonrpc-4.50.3.6-1.el8ev.noarch.rpm
• ovirt-engine-setup-4.5.3.5-1.el8ev.noarch.rpm
• rhv-log-collector-analyzer-1.0.16-1.el8ev.noarch.rpm
• apache-sshd-2.9.2-0.1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.5-1.el8ev.noarch.rpm
• ovirt-engine-ui-extensions-1.3.7-1.el8ev.noarch.rpm
• ovirt-engine-setup-plugin-cinderlib-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-4.50.3.6-1.el8ev.src.rpm
• vdsm-hook-extra-ipv4-addrs-4.50.3.6-1.el8ev.ppc64le.rpm
• vdsm-hook-extra-ipv4-addrs-4.50.3.6-1.el8ev.x86_64.rpm
• vdsm-http-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-hook-cpuflags-4.50.3.6-1.el8ev.noarch.rpm
• vdsm-network-4.50.3.6-1.el8ev.ppc64le.rpm
• python3-ovirt-engine-lib-4.5.3.5-1.el8ev.noarch.rpm
• vdsm-gluster-4.50.3.6-1.el8ev.x86_64.rpm
• ovirt-engine-dbscripts-4.5.3.5-1.el8ev.noarch.rpm

Fixes

• This content is not included.BZ - 1988539
• This content is not included.BZ - 2126778
• This content is not included.BZ - 2141371
• This content is not included.BZ - 2144346
• This content is not included.BZ - 2145194
• This content is not included.BZ - 2152015
• This content is not included.BZ - 2152845

CVEs

• CVE-2021-30483
• CVE-2022-45047

References

• https://access.redhat.com/security/updates/classification/#important

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.