- 发布:
- 2021-04-14
- 已更新:
- 2021-04-14
RHSA-2021:1169 - Security Advisory
概述
Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement
类型/严重性
Security Advisory: Moderate
Red Hat Insights 补丁分析
识别并修复受此公告影响的系统。
标题
An update is now available for Red Hat Virtualization Engine 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.
A list of bugs fixed in this update is available in the Technical Notes
book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Security Fix(es):
- nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS (CVE-2019-20921)
- m2crypto: bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)
- datatables.net: prototype pollution if 'constructor' were used in a data property name (CVE-2020-28458)
- nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2020-28477)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
解决方案
For details on how to apply this update, which includes the changes described in this advisory, refer to:
受影响的产品
- Red Hat Virtualization Manager 4.4 x86_64
修复
- BZ - 1145658 - Storage domain removal does not check if the storage domain contains any memory dumps.
- BZ - 1155275 - [RFE] - Online update LUN size to the Guest after LUN resize
- BZ - 1649479 - [RFE] OVF_STORE last update not exposed in the UI
- BZ - 1666786 - RHV-M reports "Balancing VM ${VM}" for ever as successful in the tasks list
- BZ - 1688186 - [RFE] CPU and NUMA Pinning shall be handled automatically
- BZ - 1729359 - Failed image upload leaves disk in locked state, requiring manual intervention to cleanup.
- BZ - 1787235 - [RFE] Offline disk move should log which host the data is being copied on in the audit log
- BZ - 1802844 - rest api setupnetworks: assignment_method should be inside ip_address_assignment
- BZ - 1837221 - [RFE] Allow using other than RSA SHA-1/SHA-2 public keys for SSH connections between RHVM and hypervisors
- BZ - 1843882 - network interface not added to public firewalld zone until host reboot
- BZ - 1858420 - Snapshot creation on host that engine then loses connection to results in missing snapshots table entry
- BZ - 1882273 - CVE-2019-20921 nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS
- BZ - 1884233 - oVirt-engine reports misleading login-domain for external RH-SSO accounts
- BZ - 1889823 - CVE-2020-25657 m2crypto: bleichenbacher timing attacks in the RSA decryption API
- BZ - 1895217 - Hosted-Engine --restore-from-file fails if backup has VM pinned to restore host and has no Icon set.
- BZ - 1901503 - Misleading error message, displaying Data Center Storage Type instead of its name
- BZ - 1901752 - AddVds fails as FIPS host rejects SSH with ssh-rsa, failing HostedEngine deployment
- BZ - 1905108 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address
- BZ - 1905158 - After upgrading RHVH 4.4.2 to 4.4.3 moves to non-operational due to missing CPU features : model_Cascadelake-Server
- BZ - 1908441 - CVE-2020-28458 datatables.net: prototype pollution if 'constructor' were used in a data property name
- BZ - 1910302 - [RFE] Allow SPM switching if all tasks have finished via UI
- BZ - 1913198 - Host deploy fails if 6+ hosts are deployed at the same time.
- BZ - 1914602 - [RHV 4.4] /var/lib/ovirt-engine/external_truststore (Permission denied)
- BZ - 1918162 - CVE-2020-28477 nodejs-immer: prototype pollution may lead to DoS or remote code execution
- BZ - 1919555 - Rebase apache-sshd to version 2.6.0 for RHV 4.4.5
- BZ - 1921104 - Bump required ansible version in RHV Manager 4.4.5
- BZ - 1921119 - RHV reports unsynced cluster when host QoS is in use.
- BZ - 1922200 - Checking the Engine database consistency takes too long to complete
- BZ - 1924012 - Rebase ansible-runner to 1.4.6
- BZ - 1926854 - [RFE] Requesting an audit log entry be added in LSM flow to display the host on which the internal volumes are copied
- BZ - 1927851 - [RFE] Add timezone AUS Eastern Standard Time
- BZ - 1931514 - [downstream] Cluster upgrade fails when using Intel Skylake Client/Server IBRS SSBD MDS Family
- BZ - 1931786 - Windows driver update does not work on cluster level 4.5
Red Hat Virtualization Manager 4.4
| SRPM | |
|---|---|
| ansible-runner-1.4.6-2.el8ar.src.rpm | SHA-256: 16d3b6b16d1cd2095c05c098073843d04be8d6cdce90556021b0a3a4ed6bedb7 |
| ansible-runner-service-1.0.7-1.el8ev.src.rpm | SHA-256: 08c2bef1d2f5d90dd0e404bc091a19d9df730b8c11b006191df5c6b3beaecfc1 |
| apache-sshd-2.6.0-1.el8ev.src.rpm | SHA-256: 85271d11aae3a6258381e64c8ec2c3475ba11ea6ba1f62b1bbcb20bd0622b7d4 |
| ovirt-engine-4.4.5.9-0.1.el8ev.src.rpm | SHA-256: e58eef12f20bedd0c0023d99f6302743ff3d8d6d5ffdd48499615a6d4b006d1e |
| ovirt-engine-dwh-4.4.5.5-1.el8ev.src.rpm | SHA-256: 0a244f1f7ea436f08dd341da00cdbbdd76a09de43317d3bf4b81f639dc6dc295 |
| ovirt-web-ui-1.6.7-1.el8ev.src.rpm | SHA-256: facb8ee7f82600f46a45eafc49dc76b9bf18d66f349fa6e3f051086d9002c385 |
| x86_64 | |
| ansible-runner-1.4.6-2.el8ar.noarch.rpm | SHA-256: 9b5a0a66ae5aeeaef8d71a34c8304903e88322a4f768d0a0b0a5364bace9f41c |
| ansible-runner-service-1.0.7-1.el8ev.noarch.rpm | SHA-256: 10d342ad299348c79794a66644862cb589ab1c3e32ffc7701a875346a9283965 |
| apache-sshd-2.6.0-1.el8ev.noarch.rpm | SHA-256: 9d114d42aa60b7108a228597c446294d67d00ffa9a4e8e2d7c4392914fc3b51c |
| apache-sshd-javadoc-2.6.0-1.el8ev.noarch.rpm | SHA-256: bfd53f153eaa73b7d2023969c03135c4f3078ee9c99c3bfba4766074585245f0 |
| ovirt-engine-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 16184851d6e5e87245aff30a772d99b97c54193975913887a8ee34c40105e6d6 |
| ovirt-engine-backend-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 2433351de74662e31abeca10059e7fe9f018723b138f18bb2b55b7f343d2fa75 |
| ovirt-engine-dbscripts-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: a1d949d475798a2ac2ed98761b69201c41bbfa4544968f3b9b41759ff39bceb4 |
| ovirt-engine-dwh-4.4.5.5-1.el8ev.noarch.rpm | SHA-256: e342e4eb689bc226791a951460661b71ec50949882d66d707f85181390de615f |
| ovirt-engine-dwh-grafana-integration-setup-4.4.5.5-1.el8ev.noarch.rpm | SHA-256: dd671e4b5e85b61413ef3e62a9621e04709f130d5c706cda192dbd2fec4b59a3 |
| ovirt-engine-dwh-setup-4.4.5.5-1.el8ev.noarch.rpm | SHA-256: 03dac3a307514684155192f1f2374da067796c4e0c9eeb9f1e9dff9d90cb0a5b |
| ovirt-engine-health-check-bundler-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 2b994fb12711766ccf79d87ec32ad8a6ae18fffdf566b5e516b355f5307795b3 |
| ovirt-engine-restapi-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 7da19cb9ac42613c19d5f4b7daf3f710003a6a8782794a1339f595d8e55ca9c2 |
| ovirt-engine-setup-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 4becdaa3ad057c4649529bc05e34cc0b60e9a33688f9f422d726e43336b41052 |
| ovirt-engine-setup-base-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 3699b6cc0b50d0ad97b3a02511a68bc0d8e91631f873d9465339831b0942b67a |
| ovirt-engine-setup-plugin-cinderlib-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 036e1929ade62ed0be4322210afca21aad9edaabebf5d7fcdcec8cc03948f434 |
| ovirt-engine-setup-plugin-imageio-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: c34692e8525c9feba5cc908cfe63e4978d901b1c15a89d2fab6bfecd010acafb |
| ovirt-engine-setup-plugin-ovirt-engine-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: ce2b0176dbb16e1d6cfff8e3c833c84b05ec24c96f0b9ed3aca906b6b46d75ea |
| ovirt-engine-setup-plugin-ovirt-engine-common-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: e94bb56b4ce20ac3cc09428ac48eeafec8561ace28d7c59ed35de167da2a71d5 |
| ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 82f6e031398674ffab5ccd654a3824f4bb0f6a15e3305f763a0ac3c3e8f07ec1 |
| ovirt-engine-setup-plugin-websocket-proxy-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: af5526d835e4bab89c32683da44816cedae54b5cf52ec92bfc6c03582395ed71 |
| ovirt-engine-tools-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: d0469aa9cccb0f43e80020cdcf2f6f297883e85e93f8afbe9e2ca499e68f2479 |
| ovirt-engine-tools-backup-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 27ad2b7984e81057db7082766045589e19c7e43e54f3d84491016ae19e2a363b |
| ovirt-engine-vmconsole-proxy-helper-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 64934b0fccbc087fa92ce8481080b7edc3ac189c0407d0c382793fd96a53321e |
| ovirt-engine-webadmin-portal-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 2fb1dd8f0e7ec220c48684a215923a37812f4d5749cfeb35d0313819db44c171 |
| ovirt-engine-websocket-proxy-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: ea2e3d565da6a10a0c69a7955fdc5273a051ddd0f2fcfd75ebacc0bdbfc3bb73 |
| ovirt-web-ui-1.6.7-1.el8ev.noarch.rpm | SHA-256: 45b167903b117dfe4b3c88a8a8e96fa431930fa13b4b8f54428127b7ef4e1004 |
| python3-ansible-runner-1.4.6-2.el8ar.noarch.rpm | SHA-256: b2841c47415190cddcd4389f9dcb26cea427bac14ed02054ef216e77e8c01c5f |
| python3-ovirt-engine-lib-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: d211c6d94e331381c44b3ac154d922f78dcf0aa11b5838cbeb6012f66ff21352 |
| rhvm-4.4.5.9-0.1.el8ev.noarch.rpm | SHA-256: 736c2bc2a4c35eb0464304c204b7f59d0062880427a392792e8c2b1707026580 |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。