- Issued:
- 2021-06-01
- Updated:
- 2021-06-01
RHSA-2021:2180 - Security Advisory
Synopsis
Moderate: RHV Engine and Host Common Packages security update [ovirt-4.4.6]
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated dependency packages for ovirt-engine and ovirt-host that fix several security flaws, bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
- ansible: user data leak in snmp_facts module (CVE-2021-20178)
- ansible module: bitbucket_pipeline_variable exposes secured values (CVE-2021-20180)
- ansible: multiple modules expose secured values (CVE-2021-20191)
- ansible: basic.py no_log with fallback option (CVE-2021-20228)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Red Hat Virtualization 4.4.6 now requires Ansible 2.9.18 (BZ#1933672)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Virtualization Manager 4.4 x86_64
- Red Hat Virtualization 4 for RHEL 8 x86_64
- Red Hat Virtualization for IBM Power LE 4 for RHEL 8 ppc64le
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Fixes
- BZ - 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
- BZ - 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
- BZ - 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values
- BZ - 1924590 - "FIPS mode is not enabled as required" error occur in "Enforce FIPS mode" task when deploying hosted engine
- BZ - 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option
- BZ - 1933238 - Allow migration of vms in between the clusters using ansible
- BZ - 1933672 - Ansible security advisory RHSA-2021:0663 not included in RHV
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Virtualization Manager 4.4
| SRPM | |
|---|---|
| ansible-2.9.18-1.el8ae.src.rpm | SHA-256: cf4e8b6cbe204b00511f1438ff0698eabfad421662ccf4019ce726729c2a1389 |
| ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm | SHA-256: 9c1cc1d0cc42b0bcf5a5c9556ac40f10d777e552b461d76073f2f152a771d05a |
| python-ovirt-engine-sdk4-4.4.12-1.el8ev.src.rpm | SHA-256: f535a9f3de29fbac92b4f62d7731739038214a2807776cb7b7bbb7582f033c6d |
| rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.src.rpm | SHA-256: b6bc7fd36ce753b18711137ca3da61eed5096ec1bf639c78b41164016c37b09d |
| x86_64 | |
| ansible-2.9.18-1.el8ae.noarch.rpm | SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69 |
| ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm | SHA-256: 6e7502197bde1ecfc957528b5bb703f276d7d12d6bd4ce0e2aa27687cab849c6 |
| python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.x86_64.rpm | SHA-256: d91ac04eaac5172bd3993bda369898fadd74d19dc0405fc7f42e85539fec8c1a |
| python3-ovirt-engine-sdk4-4.4.12-1.el8ev.x86_64.rpm | SHA-256: 2ed89e2d0c40c74f752ec2cfaef1578c87e0b582c83167b033451b0c962826de |
| python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.x86_64.rpm | SHA-256: b5de8a2c5047a97af46ea8cd270f56625b75ab19919a739b6db30649f7bdc140 |
| rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.x86_64.rpm | SHA-256: d61a072a2be08b1954625e43b5b0d172c15336b2ede4708c4ec92e1acd92efaf |
| rubygem-ovirt-engine-sdk4-debuginfo-4.4.1-1.el8ev.x86_64.rpm | SHA-256: 0227404773f4424434d6def5d83c0ac7f8beaea573e646bccbc02d97cad4deb9 |
| rubygem-ovirt-engine-sdk4-debugsource-4.4.1-1.el8ev.x86_64.rpm | SHA-256: 64d5f95a6f197190f9a879c7877e24160a7652868c083ae5bcc2bd2ea8188023 |
| rubygem-ovirt-engine-sdk4-doc-4.4.1-1.el8ev.x86_64.rpm | SHA-256: 477212da47f5bf7a3a6aac9e0c053bf3187026a23dfc7c07e12be6dabd82fa9c |
Red Hat Virtualization 4 for RHEL 8
| SRPM | |
|---|---|
| ansible-2.9.18-1.el8ae.src.rpm | SHA-256: cf4e8b6cbe204b00511f1438ff0698eabfad421662ccf4019ce726729c2a1389 |
| ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm | SHA-256: 9c1cc1d0cc42b0bcf5a5c9556ac40f10d777e552b461d76073f2f152a771d05a |
| python-ovirt-engine-sdk4-4.4.12-1.el8ev.src.rpm | SHA-256: f535a9f3de29fbac92b4f62d7731739038214a2807776cb7b7bbb7582f033c6d |
| x86_64 | |
| ansible-2.9.18-1.el8ae.noarch.rpm | SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69 |
| ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm | SHA-256: 6e7502197bde1ecfc957528b5bb703f276d7d12d6bd4ce0e2aa27687cab849c6 |
| python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.x86_64.rpm | SHA-256: d91ac04eaac5172bd3993bda369898fadd74d19dc0405fc7f42e85539fec8c1a |
| python3-ovirt-engine-sdk4-4.4.12-1.el8ev.x86_64.rpm | SHA-256: 2ed89e2d0c40c74f752ec2cfaef1578c87e0b582c83167b033451b0c962826de |
| python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.x86_64.rpm | SHA-256: b5de8a2c5047a97af46ea8cd270f56625b75ab19919a739b6db30649f7bdc140 |
Red Hat Virtualization for IBM Power LE 4 for RHEL 8
| SRPM | |
|---|---|
| ansible-2.9.18-1.el8ae.src.rpm | SHA-256: cf4e8b6cbe204b00511f1438ff0698eabfad421662ccf4019ce726729c2a1389 |
| ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm | SHA-256: 9c1cc1d0cc42b0bcf5a5c9556ac40f10d777e552b461d76073f2f152a771d05a |
| ppc64le | |
| ansible-2.9.18-1.el8ae.noarch.rpm | SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69 |
| ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm | SHA-256: 6e7502197bde1ecfc957528b5bb703f276d7d12d6bd4ce0e2aa27687cab849c6 |
| python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.ppc64le.rpm | SHA-256: 79e554e0ff3c32285dee5b629873a4501515a714f5251f707d4f621e5025ad4b |
| python3-ovirt-engine-sdk4-4.4.12-1.el8ev.ppc64le.rpm | SHA-256: 1cee3b07695b9b284283d8bbc02ce266d114d805a901a4f44f0f68743410e26d |
| python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.ppc64le.rpm | SHA-256: 9f7850ce843e3b11780138d1345ad0c7ed9f70f206576841adc222b185159825 |
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm | SHA-256: 9c1cc1d0cc42b0bcf5a5c9556ac40f10d777e552b461d76073f2f152a771d05a |
| python-ovirt-engine-sdk4-4.4.12-1.el8ev.src.rpm | SHA-256: f535a9f3de29fbac92b4f62d7731739038214a2807776cb7b7bbb7582f033c6d |
| rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.src.rpm | SHA-256: b6bc7fd36ce753b18711137ca3da61eed5096ec1bf639c78b41164016c37b09d |
| x86_64 | |
| ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm | SHA-256: 6e7502197bde1ecfc957528b5bb703f276d7d12d6bd4ce0e2aa27687cab849c6 |
| python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.x86_64.rpm | SHA-256: d91ac04eaac5172bd3993bda369898fadd74d19dc0405fc7f42e85539fec8c1a |
| python3-ovirt-engine-sdk4-4.4.12-1.el8ev.x86_64.rpm | SHA-256: 2ed89e2d0c40c74f752ec2cfaef1578c87e0b582c83167b033451b0c962826de |
| python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.x86_64.rpm | SHA-256: b5de8a2c5047a97af46ea8cd270f56625b75ab19919a739b6db30649f7bdc140 |
| rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.x86_64.rpm | SHA-256: d61a072a2be08b1954625e43b5b0d172c15336b2ede4708c4ec92e1acd92efaf |
| rubygem-ovirt-engine-sdk4-debuginfo-4.4.1-1.el8ev.x86_64.rpm | SHA-256: 0227404773f4424434d6def5d83c0ac7f8beaea573e646bccbc02d97cad4deb9 |
| rubygem-ovirt-engine-sdk4-debugsource-4.4.1-1.el8ev.x86_64.rpm | SHA-256: 64d5f95a6f197190f9a879c7877e24160a7652868c083ae5bcc2bd2ea8188023 |
| rubygem-ovirt-engine-sdk4-doc-4.4.1-1.el8ev.x86_64.rpm | SHA-256: 477212da47f5bf7a3a6aac9e0c053bf3187026a23dfc7c07e12be6dabd82fa9c |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm | SHA-256: 9c1cc1d0cc42b0bcf5a5c9556ac40f10d777e552b461d76073f2f152a771d05a |
| python-ovirt-engine-sdk4-4.4.12-1.el8ev.src.rpm | SHA-256: f535a9f3de29fbac92b4f62d7731739038214a2807776cb7b7bbb7582f033c6d |
| rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.src.rpm | SHA-256: b6bc7fd36ce753b18711137ca3da61eed5096ec1bf639c78b41164016c37b09d |
| ppc64le | |
| ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm | SHA-256: 6e7502197bde1ecfc957528b5bb703f276d7d12d6bd4ce0e2aa27687cab849c6 |
| python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.ppc64le.rpm | SHA-256: 79e554e0ff3c32285dee5b629873a4501515a714f5251f707d4f621e5025ad4b |
| python3-ovirt-engine-sdk4-4.4.12-1.el8ev.ppc64le.rpm | SHA-256: 1cee3b07695b9b284283d8bbc02ce266d114d805a901a4f44f0f68743410e26d |
| python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.ppc64le.rpm | SHA-256: 9f7850ce843e3b11780138d1345ad0c7ed9f70f206576841adc222b185159825 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
