- Issued:
- 2020-04-02
- Updated:
- 2020-04-02
RHSA-2020:1308 - Security Advisory
Synopsis
Low: Red Hat Virtualization Engine security, bug fix 4.3.9
Type/Severity
Security Advisory: Low
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update is now available for Red Hat Virtualization Engine 4.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The org.ovirt.engine-root is a core component of oVirt.
The following packages have been upgraded to a later upstream version: org.ovirt.engine-root (4.3.8.2), ovirt-engine-dwh (4.3.8), ovirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0), ovirt-imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui (1.6.0), rhv-log-collector-analyzer (0.2.15), v2v-conversion-host (1.16.0). (BZ#1767333, BZ#1776722, BZ#1779587, BZ#1779631)
Security Fix(es):
- CVE-2019-17195
- CVE-2019-10086
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are versioned templates in database (BZ#1688781)
- [ovirt-fast-forward-upgrade] Error: ovirt-engine-setup-plugin-ovirt-engine conflicts with ovirt-engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979)
- Users immediately logged out from User portal due to negative UserSessionTimeOutInterval (BZ#1757423)
- Fluentd error when stopping metrics services through playbook on 4.3 (BZ#1772506)
- [downstream clone - 4.3.8] From VM Portal, users cannot create Operating System Windows VM. (BZ#1773580)
- MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged [RHV clone - 4.3.8] (BZ#1779664)
- Metric Store reports all hosts in Default cluster regardless of cluster assignment. (BZ#1780234)
Enhancement(s):
- RFE for offline installation of RHV Metrics Store (BZ#1711873)
- [RFE] Compare storage with database for discrepancies (BZ#1739106)
- [RFE] RHV+Metrics Store - Support a Flat DNS environment without subdomains (BZ#1782412)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Virtualization Manager 4.3 x86_64
- Red Hat Virtualization Manager 4 for RHEL 7 x86_64
- Red Hat Virtualization 4 for RHEL 7 x86_64
Fixes
- BZ - 1752522 - ovirt-fast-forward-upgrade: Upgrade from 4.2 to 4.3 fails with UnicodeEncodeError
- BZ - 1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT
- BZ - 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
- BZ - 1789737 - Import of OVA created from template fails with java.lang.NullPointerException [RHV clone - 4.3.9]
- BZ - 1792874 - Hide partial engine-cleanup option [RHV clone - 4.3.9]
- BZ - 1797496 - Add RHCOS os to osinfo - for compatability API between 4.3 to 4.4
- BZ - 1801310 - Module ovirt disk parameter storage domain has default option in documentation
- BZ - 1808038 - Unable to change Graphical Console of HE VM. [RHV clone - 4.3.9]
- BZ - 1808607 - RHVM 4.3.8.2 has Security Vulnerability Tenable Plugin ID 133165 in apache-commons-beanutils-1.8.3-14.el7
- BZ - 1809470 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine [RHV clone - 4.3.9]
- BZ - 1810527 - Upgrade rhvm-dependencies to 4.3.2
Red Hat Virtualization Manager 4.3
SRPM | |
---|---|
ovirt-engine-4.3.9.3-0.1.el7.src.rpm | SHA-256: 6cac21d10095180b682788665fd3e7d05840d2189f04cfb2d3de5adc91bcdf3a |
ovirt-engine-extension-aaa-misc-1.0.4-1.el7ev.src.rpm | SHA-256: ea36a65170da82cc36143fe76c5f2cb69e7c1d84b08525afe7f7eb22df69f478 |
ovirt-fast-forward-upgrade-1.0.0-17.el7ev.src.rpm | SHA-256: 14f734cb578dd616e17c83d6cacd403a82ffebe7897a584bb34dab62cd2e86fb |
rhvm-dependencies-4.3.2-1.el7ev.src.rpm | SHA-256: 0efc4af6b72ee4ee0be56533059da3e15d966c674bb234478ce437db99d6321e |
x86_64 | |
ovirt-engine-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 591b299e8e5f09f7c58a5ade10ce7c725e3ffd95163fe1946b18a2c06962631e |
ovirt-engine-backend-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 85fc847e35d8160624a1024863d58b62517ff38d7ec1bf04c5381554c3f83747 |
ovirt-engine-dbscripts-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: d33ab6ccb399540a01d51411896cc94f9e30a07773497598fc3b41df50e4c9b8 |
ovirt-engine-extension-aaa-misc-1.0.4-1.el7ev.noarch.rpm | SHA-256: b25771e3681b7189ff9fda6c0b8d2f168d12245b94679f6e7ade08051316764b |
ovirt-engine-extensions-api-impl-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 3dd95835b341e2f324ee20266a4e8da4477dd9e031365e9c492f234cb6ed6f48 |
ovirt-engine-extensions-api-impl-javadoc-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: b06b71989b104f7da0661d862e642e657b2e7f9ce65a7ba1f22dd6c7bbf48fc4 |
ovirt-engine-health-check-bundler-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 0da6268b8e8e8ca7a990a5bb2c64d7d3ff35e786e6c3985b4e7ee6160c38b1e4 |
ovirt-engine-restapi-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 44bc492b4e6aea6199dec368ce6935c14824b519b2a76a90a99c8967ce7a1c02 |
ovirt-engine-setup-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 3b43d537cc107a2beea3b5061cbca5d213149980efa16a9a12e1f0484a51d856 |
ovirt-engine-setup-base-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: af6cc7f7a2f923a6fc93fec88e45d0f7be0a0c8d92618ae6c79766856523d743 |
ovirt-engine-setup-plugin-cinderlib-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: e639b58708c36210367fb69ed4ce5133e14f3df7df719454a6df2a5e18da324b |
ovirt-engine-setup-plugin-ovirt-engine-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 050a0b32c175eef75d8e2e332fec962bc1f81443dfe33244f4d0132ed01a2e4e |
ovirt-engine-setup-plugin-ovirt-engine-common-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: cf598ba4447b479fd0c74eddfb48860bc39ab54d240f0ed9f9576df1647a3cf6 |
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 31e72f4fff2bd6aa96ffa6b44190dc854e5750b38d9a9f076fca0e88f6d35cc9 |
ovirt-engine-setup-plugin-websocket-proxy-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 4360c3ceac0b6c843ecedbb62725516fd3f2645a720737f3781706ecf9189369 |
ovirt-engine-tools-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 5f753375d8ccc6e833e66bb1045c22060dce5b2fef45c813e34d75f462d356b6 |
ovirt-engine-tools-backup-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: fdd7ce3f1732624ee76cb478b894ba9831a9e33160448b327910d9389055fd01 |
ovirt-engine-vmconsole-proxy-helper-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 4c6868cec508c3aa6d98538657b53ab061eabb5d8f1b57b1e8ed2c43263b7def |
ovirt-engine-webadmin-portal-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: dcb854887e33c297c328aefd7737113352d43654ff38a8d90445379c91f6cebc |
ovirt-engine-websocket-proxy-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 8eadac22b00ea6b734ccba35c5518fcb67a3a5691eab003b579c6f5272009a5d |
ovirt-fast-forward-upgrade-1.0.0-17.el7ev.noarch.rpm | SHA-256: 22d7144e6bb60e1103f57f7bdeeb6f70fe515baa895f75c4be93eda10f3af1cb |
python2-ovirt-engine-lib-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: d36d05ac40c9a31d44aa92bfb690d017dd7cbbd78c9126bcf02cb5109c245d31 |
rhvm-4.3.9.3-0.1.el7.noarch.rpm | SHA-256: 61e892af49037bd27897d0c3764567e7405f03d94b6aba01733c30a94e43320c |
rhvm-dependencies-4.3.2-1.el7ev.noarch.rpm | SHA-256: 0f729ff93e3fe56dc6d20b5b8581d25e4c81db65c6e2a3fc530c9ba4e32f082c |
Red Hat Virtualization Manager 4 for RHEL 7
SRPM | |
---|---|
apache-commons-beanutils-1.8.3-15.el7_7.src.rpm | SHA-256: b6ff96eeb979cf503048245f5ac530f714ac794be65c650b0452b4d26bbdf7dc |
x86_64 | |
apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm | SHA-256: 45e2989e5ec2fbb8e416914bdb335fb8cfb7958e52ade5b67b9aae1de6edeb88 |
apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm | SHA-256: b68e2a41a28da9b8f2b68b33a16aaa98195efd6698842052bc8e868b30f3ce6e |
Red Hat Virtualization 4 for RHEL 7
SRPM | |
---|---|
apache-commons-beanutils-1.8.3-15.el7_7.src.rpm | SHA-256: b6ff96eeb979cf503048245f5ac530f714ac794be65c650b0452b4d26bbdf7dc |
x86_64 | |
apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm | SHA-256: 45e2989e5ec2fbb8e416914bdb335fb8cfb7958e52ade5b67b9aae1de6edeb88 |
apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm | SHA-256: b68e2a41a28da9b8f2b68b33a16aaa98195efd6698842052bc8e868b30f3ce6e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.