Red Hat Product Errata RHSA-2021:4703 - Security Advisory
Issued:
2021-11-16
Updated:
2021-11-16

RHSA-2021:4703 - Security Advisory

Synopsis

Important: RHV Engine and Host Common Packages security update [ovirt-4.4.9]

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The ovirt.ovirt package (previously ovirt-ansible-collection) manages all oVirt Ansible modules.

The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

otopi is a standalone, plug-in based installation framework to be used to set up system components. The plug-in nature provides simplicity to add new installation functionality without the complexity of the state and transaction management.

Security Fix(es):

  • Ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • A playbook executed by Ansible Engine 2.9.25 inside a virtual machine running on Red Hat Virtualization 4.4.9 correctly detects that this is a virtual machine running on Red Hat Virtualization by using Ansible facts. (BZ#1904085)
  • Red Hat Virtualization now supports Ansible-2.9.27 for internal usage. (BZ#2003671)
  • Previously, upgrading from Red Hat Virtualization 4.3 failed when using an isolated network during IPv6 deployment. In this release, a forward network is used instead of an isolated network during an IPv6 deployment. As a result, upgrade from Red Hat Virtualization 4.3 using IPv6 now succeeds. (BZ#1947709)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization Manager 4.4 x86_64
  • Red Hat Virtualization 4 for RHEL 8 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 8 ppc64le
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Fixes

  • BZ - 1947709 - [IPv6] HostedEngineLocal is an isolated libvirt network, breaking upgrades from 4.3
  • BZ - 1975767 - CVE-2021-3620 Ansible: ansible-connection module discloses sensitive info in traceback error message
  • BZ - 2003671 - Bump Ansible distributed within RHV channels to 2.9.27
  • BZ - 2010670 - Upgrade otopi to 1.9.6

Red Hat Virtualization Manager 4.4

SRPM
ansible-2.9.27-1.el8ae.src.rpm SHA-256: 2ec789860f93223b2aec87d14da59f2e8470bde161185d30a52f2270623e6145
otopi-1.9.6-2.el8ev.src.rpm SHA-256: f9b7f4b86b8d9fcbeba7ee7aec1b6a01fb9b731665b3d25eb884b5d2cdc44487
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7
ovirt-imageio-2.3.0-1.el8ev.src.rpm SHA-256: 89fc03c2fe177d9b39c3c2ab11b9c18514dd64718baede4ff4d647a347a323c0
x86_64
ansible-2.9.27-1.el8ae.noarch.rpm SHA-256: af017f523bf816179c5e9de9df7dad22a277531b7741d78871530f45b8288436
otopi-common-1.9.6-2.el8ev.noarch.rpm SHA-256: 21af35650b0f2d5b176af6606c4279fd346ee2368cb08e2ea7b8408ace513726
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm SHA-256: 030684263c1eae9d13fd01ee45caa8098b219b63688a5fa27a30273ff04c838c
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523
ovirt-imageio-client-2.3.0-1.el8ev.x86_64.rpm SHA-256: 3a8aa70b71e70adc39500ee5676d4e95808158116fac87cb1aa9b426e88ed6ee
ovirt-imageio-common-2.3.0-1.el8ev.x86_64.rpm SHA-256: 64ee782e66feb2c92105f53a6ea07f3263263ca335d65eb4b0a1cfa5058a0494
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.x86_64.rpm SHA-256: 8b5daa4955827c0370020f97a58b92a98bf780eb68fcef1283f47aa8449a96c4
ovirt-imageio-daemon-2.3.0-1.el8ev.x86_64.rpm SHA-256: 287d086c3272e5fcdec858653100de3bfecd977cf75f6d708052027965b01c7b
ovirt-imageio-debugsource-2.3.0-1.el8ev.x86_64.rpm SHA-256: acb6e843585a95605c52abae3f7f932fb25b64c95b63b62131a011b68fb0e2fd
python3-otopi-1.9.6-2.el8ev.noarch.rpm SHA-256: 6d12638459f2a01eb564ce6a60082aea1c1e1ecd69c42eca718e3aabde641557

Red Hat Virtualization 4 for RHEL 8

SRPM
ansible-2.9.27-1.el8ae.src.rpm SHA-256: 2ec789860f93223b2aec87d14da59f2e8470bde161185d30a52f2270623e6145
otopi-1.9.6-2.el8ev.src.rpm SHA-256: f9b7f4b86b8d9fcbeba7ee7aec1b6a01fb9b731665b3d25eb884b5d2cdc44487
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7
ovirt-imageio-2.3.0-1.el8ev.src.rpm SHA-256: 89fc03c2fe177d9b39c3c2ab11b9c18514dd64718baede4ff4d647a347a323c0
x86_64
ansible-2.9.27-1.el8ae.noarch.rpm SHA-256: af017f523bf816179c5e9de9df7dad22a277531b7741d78871530f45b8288436
otopi-common-1.9.6-2.el8ev.noarch.rpm SHA-256: 21af35650b0f2d5b176af6606c4279fd346ee2368cb08e2ea7b8408ace513726
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm SHA-256: 030684263c1eae9d13fd01ee45caa8098b219b63688a5fa27a30273ff04c838c
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523
ovirt-imageio-client-2.3.0-1.el8ev.x86_64.rpm SHA-256: 3a8aa70b71e70adc39500ee5676d4e95808158116fac87cb1aa9b426e88ed6ee
ovirt-imageio-common-2.3.0-1.el8ev.x86_64.rpm SHA-256: 64ee782e66feb2c92105f53a6ea07f3263263ca335d65eb4b0a1cfa5058a0494
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.x86_64.rpm SHA-256: 8b5daa4955827c0370020f97a58b92a98bf780eb68fcef1283f47aa8449a96c4
ovirt-imageio-daemon-2.3.0-1.el8ev.x86_64.rpm SHA-256: 287d086c3272e5fcdec858653100de3bfecd977cf75f6d708052027965b01c7b
ovirt-imageio-debugsource-2.3.0-1.el8ev.x86_64.rpm SHA-256: acb6e843585a95605c52abae3f7f932fb25b64c95b63b62131a011b68fb0e2fd
python3-otopi-1.9.6-2.el8ev.noarch.rpm SHA-256: 6d12638459f2a01eb564ce6a60082aea1c1e1ecd69c42eca718e3aabde641557

Red Hat Virtualization for IBM Power LE 4 for RHEL 8

SRPM
ansible-2.9.27-1.el8ae.src.rpm SHA-256: 2ec789860f93223b2aec87d14da59f2e8470bde161185d30a52f2270623e6145
otopi-1.9.6-2.el8ev.src.rpm SHA-256: f9b7f4b86b8d9fcbeba7ee7aec1b6a01fb9b731665b3d25eb884b5d2cdc44487
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7
ovirt-imageio-2.3.0-1.el8ev.src.rpm SHA-256: 89fc03c2fe177d9b39c3c2ab11b9c18514dd64718baede4ff4d647a347a323c0
ppc64le
ansible-2.9.27-1.el8ae.noarch.rpm SHA-256: af017f523bf816179c5e9de9df7dad22a277531b7741d78871530f45b8288436
otopi-common-1.9.6-2.el8ev.noarch.rpm SHA-256: 21af35650b0f2d5b176af6606c4279fd346ee2368cb08e2ea7b8408ace513726
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm SHA-256: 030684263c1eae9d13fd01ee45caa8098b219b63688a5fa27a30273ff04c838c
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523
ovirt-imageio-client-2.3.0-1.el8ev.ppc64le.rpm SHA-256: 99f790c9e9e0fe9d73db5ea1b3c94b1a2558fd182bd39f9a66a0fa0aed86f467
ovirt-imageio-common-2.3.0-1.el8ev.ppc64le.rpm SHA-256: 3918f3aa82b175775aa12aa54dab0fd1f20c63c7f0799b018dca6d1727e15e00
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.ppc64le.rpm SHA-256: c7edbcbd3f1e5d673bbecb7c517c6ee0c2d033eaca3b4dbf19dace8de1e2d7c9
ovirt-imageio-daemon-2.3.0-1.el8ev.ppc64le.rpm SHA-256: 57758d111d2091094f8645d639bb48bacea76e355b04c91fc9120339a652272d
ovirt-imageio-debugsource-2.3.0-1.el8ev.ppc64le.rpm SHA-256: 2ec2124f8cf25d7e2505c72bdddb2c8bb16c642fabdc524ac8ee4f2f9ba509c3
python3-otopi-1.9.6-2.el8ev.noarch.rpm SHA-256: 6d12638459f2a01eb564ce6a60082aea1c1e1ecd69c42eca718e3aabde641557

Red Hat Enterprise Linux for x86_64 8

SRPM
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7
x86_64
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523

Red Hat Enterprise Linux for Power, little endian 8

SRPM
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7
ppc64le
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.