- Issued:
- 2021-11-16
- Updated:
- 2021-11-16
RHSA-2021:4703 - Security Advisory
Synopsis
Important: RHV Engine and Host Common Packages security update [ovirt-4.4.9]
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The ovirt.ovirt package (previously ovirt-ansible-collection) manages all oVirt Ansible modules.
The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.
otopi is a standalone, plug-in based installation framework to be used to set up system components. The plug-in nature provides simplicity to add new installation functionality without the complexity of the state and transaction management.
Security Fix(es):
- Ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- A playbook executed by Ansible Engine 2.9.25 inside a virtual machine running on Red Hat Virtualization 4.4.9 correctly detects that this is a virtual machine running on Red Hat Virtualization by using Ansible facts. (BZ#1904085)
- Red Hat Virtualization now supports Ansible-2.9.27 for internal usage. (BZ#2003671)
- Previously, upgrading from Red Hat Virtualization 4.3 failed when using an isolated network during IPv6 deployment. In this release, a forward network is used instead of an isolated network during an IPv6 deployment. As a result, upgrade from Red Hat Virtualization 4.3 using IPv6 now succeeds. (BZ#1947709)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Virtualization Manager 4.4 x86_64
- Red Hat Virtualization 4 for RHEL 8 x86_64
- Red Hat Virtualization for IBM Power LE 4 for RHEL 8 ppc64le
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Fixes
- BZ - 1947709 - [IPv6] HostedEngineLocal is an isolated libvirt network, breaking upgrades from 4.3
- BZ - 1975767 - CVE-2021-3620 Ansible: ansible-connection module discloses sensitive info in traceback error message
- BZ - 2003671 - Bump Ansible distributed within RHV channels to 2.9.27
- BZ - 2010670 - Upgrade otopi to 1.9.6
CVEs
Red Hat Virtualization Manager 4.4
SRPM | |
---|---|
ansible-2.9.27-1.el8ae.src.rpm | SHA-256: 2ec789860f93223b2aec87d14da59f2e8470bde161185d30a52f2270623e6145 |
otopi-1.9.6-2.el8ev.src.rpm | SHA-256: f9b7f4b86b8d9fcbeba7ee7aec1b6a01fb9b731665b3d25eb884b5d2cdc44487 |
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm | SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7 |
ovirt-imageio-2.3.0-1.el8ev.src.rpm | SHA-256: 89fc03c2fe177d9b39c3c2ab11b9c18514dd64718baede4ff4d647a347a323c0 |
x86_64 | |
ansible-2.9.27-1.el8ae.noarch.rpm | SHA-256: af017f523bf816179c5e9de9df7dad22a277531b7741d78871530f45b8288436 |
otopi-common-1.9.6-2.el8ev.noarch.rpm | SHA-256: 21af35650b0f2d5b176af6606c4279fd346ee2368cb08e2ea7b8408ace513726 |
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm | SHA-256: 030684263c1eae9d13fd01ee45caa8098b219b63688a5fa27a30273ff04c838c |
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm | SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523 |
ovirt-imageio-client-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 3a8aa70b71e70adc39500ee5676d4e95808158116fac87cb1aa9b426e88ed6ee |
ovirt-imageio-common-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 64ee782e66feb2c92105f53a6ea07f3263263ca335d65eb4b0a1cfa5058a0494 |
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 8b5daa4955827c0370020f97a58b92a98bf780eb68fcef1283f47aa8449a96c4 |
ovirt-imageio-daemon-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 287d086c3272e5fcdec858653100de3bfecd977cf75f6d708052027965b01c7b |
ovirt-imageio-debugsource-2.3.0-1.el8ev.x86_64.rpm | SHA-256: acb6e843585a95605c52abae3f7f932fb25b64c95b63b62131a011b68fb0e2fd |
python3-otopi-1.9.6-2.el8ev.noarch.rpm | SHA-256: 6d12638459f2a01eb564ce6a60082aea1c1e1ecd69c42eca718e3aabde641557 |
Red Hat Virtualization 4 for RHEL 8
SRPM | |
---|---|
ansible-2.9.27-1.el8ae.src.rpm | SHA-256: 2ec789860f93223b2aec87d14da59f2e8470bde161185d30a52f2270623e6145 |
otopi-1.9.6-2.el8ev.src.rpm | SHA-256: f9b7f4b86b8d9fcbeba7ee7aec1b6a01fb9b731665b3d25eb884b5d2cdc44487 |
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm | SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7 |
ovirt-imageio-2.3.0-1.el8ev.src.rpm | SHA-256: 89fc03c2fe177d9b39c3c2ab11b9c18514dd64718baede4ff4d647a347a323c0 |
x86_64 | |
ansible-2.9.27-1.el8ae.noarch.rpm | SHA-256: af017f523bf816179c5e9de9df7dad22a277531b7741d78871530f45b8288436 |
otopi-common-1.9.6-2.el8ev.noarch.rpm | SHA-256: 21af35650b0f2d5b176af6606c4279fd346ee2368cb08e2ea7b8408ace513726 |
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm | SHA-256: 030684263c1eae9d13fd01ee45caa8098b219b63688a5fa27a30273ff04c838c |
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm | SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523 |
ovirt-imageio-client-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 3a8aa70b71e70adc39500ee5676d4e95808158116fac87cb1aa9b426e88ed6ee |
ovirt-imageio-common-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 64ee782e66feb2c92105f53a6ea07f3263263ca335d65eb4b0a1cfa5058a0494 |
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 8b5daa4955827c0370020f97a58b92a98bf780eb68fcef1283f47aa8449a96c4 |
ovirt-imageio-daemon-2.3.0-1.el8ev.x86_64.rpm | SHA-256: 287d086c3272e5fcdec858653100de3bfecd977cf75f6d708052027965b01c7b |
ovirt-imageio-debugsource-2.3.0-1.el8ev.x86_64.rpm | SHA-256: acb6e843585a95605c52abae3f7f932fb25b64c95b63b62131a011b68fb0e2fd |
python3-otopi-1.9.6-2.el8ev.noarch.rpm | SHA-256: 6d12638459f2a01eb564ce6a60082aea1c1e1ecd69c42eca718e3aabde641557 |
Red Hat Virtualization for IBM Power LE 4 for RHEL 8
SRPM | |
---|---|
ansible-2.9.27-1.el8ae.src.rpm | SHA-256: 2ec789860f93223b2aec87d14da59f2e8470bde161185d30a52f2270623e6145 |
otopi-1.9.6-2.el8ev.src.rpm | SHA-256: f9b7f4b86b8d9fcbeba7ee7aec1b6a01fb9b731665b3d25eb884b5d2cdc44487 |
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm | SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7 |
ovirt-imageio-2.3.0-1.el8ev.src.rpm | SHA-256: 89fc03c2fe177d9b39c3c2ab11b9c18514dd64718baede4ff4d647a347a323c0 |
ppc64le | |
ansible-2.9.27-1.el8ae.noarch.rpm | SHA-256: af017f523bf816179c5e9de9df7dad22a277531b7741d78871530f45b8288436 |
otopi-common-1.9.6-2.el8ev.noarch.rpm | SHA-256: 21af35650b0f2d5b176af6606c4279fd346ee2368cb08e2ea7b8408ace513726 |
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm | SHA-256: 030684263c1eae9d13fd01ee45caa8098b219b63688a5fa27a30273ff04c838c |
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm | SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523 |
ovirt-imageio-client-2.3.0-1.el8ev.ppc64le.rpm | SHA-256: 99f790c9e9e0fe9d73db5ea1b3c94b1a2558fd182bd39f9a66a0fa0aed86f467 |
ovirt-imageio-common-2.3.0-1.el8ev.ppc64le.rpm | SHA-256: 3918f3aa82b175775aa12aa54dab0fd1f20c63c7f0799b018dca6d1727e15e00 |
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.ppc64le.rpm | SHA-256: c7edbcbd3f1e5d673bbecb7c517c6ee0c2d033eaca3b4dbf19dace8de1e2d7c9 |
ovirt-imageio-daemon-2.3.0-1.el8ev.ppc64le.rpm | SHA-256: 57758d111d2091094f8645d639bb48bacea76e355b04c91fc9120339a652272d |
ovirt-imageio-debugsource-2.3.0-1.el8ev.ppc64le.rpm | SHA-256: 2ec2124f8cf25d7e2505c72bdddb2c8bb16c642fabdc524ac8ee4f2f9ba509c3 |
python3-otopi-1.9.6-2.el8ev.noarch.rpm | SHA-256: 6d12638459f2a01eb564ce6a60082aea1c1e1ecd69c42eca718e3aabde641557 |
Red Hat Enterprise Linux for x86_64 8
SRPM | |
---|---|
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm | SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7 |
x86_64 | |
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm | SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523 |
Red Hat Enterprise Linux for Power, little endian 8
SRPM | |
---|---|
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm | SHA-256: 61a0fba52521b3ed9e52dd0d5d1f83fae47ffc95a5fa9f450d184ce39ab469a7 |
ppc64le | |
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm | SHA-256: d2dfc8b292940fbc44dc475089f66886cddef1ee993437d4c1cd05de9f2e3523 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.