Red Hat Product Errata RHSA-2023:0759 - Security Advisory
Issued:
2023-02-14
Updated:
2023-02-14

RHSA-2023:0759 - Security Advisory

Synopsis

Moderate: Red Hat Virtualization security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ovirt-ansible-collection, ovirt-engine, and postgresql-jdbc is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

  • postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • With this release, the upgrade function of the ovirt_host module waits long enough for the upgraded host to reach the desired state after upgrade. (BZ#2161703)
  • Previously,the ovirt-enghine ansible-runner artifacts were only cleaned once, and the machine could run out of free disk space on the /var partition. In this release, the artifacts are cleaned periodically according to values defined in the AnsibleRunnerArtifactsCleanupCheckTimeInHours and AnsibleRunnerArtifactsLifetimeInDays engine-config options. (BZ#2151549)
  • Code change for BZ2089299 introduced a regression, which didn't allow to set options in the engine-config which restricted the allowable values using the validValues field (for example ClientModeVncDefault or UserSessionTimeOutInterval).

In this release, setting values for those fields works the same way as in RHV versions earlier than RHV 4.4 SP1 batch 3 (ovirt-engine-4.5.3). (BZ#2159768)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

If the postgresql service is running, it will be automatically restarted after installing this update.

Affected Products

  • Red Hat Virtualization Manager 4.4 x86_64
  • Red Hat Virtualization 4 for RHEL 8 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 8 ppc64le
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Fixes

  • BZ - 2151549 - Artifacts of ansible-runner (executed from ovirt-engine) did not clean up as expected
  • BZ - 2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k
  • BZ - 2159768 - Regression in ClientModeVncDefault
  • BZ - 2161703 - [RHEVM] Two nodes cluster upgrade failed, tries to put a node into maintenance while the updated is rebooting

Red Hat Virtualization 4 for RHEL 8

SRPM
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm SHA-256: 0cd3b68e11dd6cb8c5613052f1739df9aca849be712b52fa8e47c0d849ed7551
x86_64
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm SHA-256: 5b496fda466662120f7a9429c2aa8b274e65156b9a97082de8c9455cc8439ccc

Red Hat Virtualization for IBM Power LE 4 for RHEL 8

SRPM
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm SHA-256: 0cd3b68e11dd6cb8c5613052f1739df9aca849be712b52fa8e47c0d849ed7551
ppc64le
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm SHA-256: 5b496fda466662120f7a9429c2aa8b274e65156b9a97082de8c9455cc8439ccc

Red Hat Enterprise Linux for Power, little endian 8

SRPM
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm SHA-256: 0cd3b68e11dd6cb8c5613052f1739df9aca849be712b52fa8e47c0d849ed7551
ppc64le
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm SHA-256: 5b496fda466662120f7a9429c2aa8b274e65156b9a97082de8c9455cc8439ccc

Red Hat Virtualization Manager 4.4

SRPM
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm SHA-256: 0cd3b68e11dd6cb8c5613052f1739df9aca849be712b52fa8e47c0d849ed7551
ovirt-engine-4.5.3.7-1.el8ev.src.rpm SHA-256: 7a775557f76fe4eee583bd9b577766c1d24567576b95bc4b93c4f1d2afa60288
postgresql-jdbc-42.2.14-2.el8ev.src.rpm SHA-256: 4bd6183e1b2c3bfc16701805bb37ff7da29b1d2250b2526189e2524106b77418
x86_64
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm SHA-256: 5b496fda466662120f7a9429c2aa8b274e65156b9a97082de8c9455cc8439ccc
ovirt-engine-4.5.3.7-1.el8ev.noarch.rpm SHA-256: ed554ccf12a91a4d44c4fa440ec9741b7ad1d47aba0961d7d7247f1f2b5a150b
ovirt-engine-backend-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 1afda0254debe515d1896387f398e8eb1ac67fe326d5c43a41b7dabe9acd6d6a
ovirt-engine-dbscripts-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 1c43e33a5fc843a1b82b5f26b6ce3f00ae54f0f7f15f8c36a22d62b3fef5abf0
ovirt-engine-health-check-bundler-4.5.3.7-1.el8ev.noarch.rpm SHA-256: eb4b227aaff99527f4dad892d8c6d4fec677e1c39194fad7de43c1864150bc1c
ovirt-engine-restapi-4.5.3.7-1.el8ev.noarch.rpm SHA-256: cc1fc6ce0108e18db522325cb9fbfec3453d4dc15a9f7e2310e57e74001c9670
ovirt-engine-setup-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 630b3271206e4a98e8a5cf0049ef66c19c5696b0295d81e29a5c8aa0e878a3d0
ovirt-engine-setup-base-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 101fbdeb38fe77d73d0267bd7e66e00eb5f6357dd7ec0a84d0681b0ccd1b4abc
ovirt-engine-setup-plugin-cinderlib-4.5.3.7-1.el8ev.noarch.rpm SHA-256: ac89b0235c20340d14d8461f2b7a77a129f72953da7231d2c93bd81e5233baef
ovirt-engine-setup-plugin-imageio-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 24a6e88d81d4117aeba52a8a4570e8a787b7d6995b03f2b02e314a696337fa1d
ovirt-engine-setup-plugin-ovirt-engine-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 234900940105db99ca51f78f4119660c774f88669128c61203741d48c460bcb1
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 346d133587f415e6d4f24e478868ad613ea20e8da33ed666531cc6a5fccdfb1a
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 32f101e1308233ad89cc1c1ef6e0b75d074b4a2a8a516184af8e627af3df148c
ovirt-engine-setup-plugin-websocket-proxy-4.5.3.7-1.el8ev.noarch.rpm SHA-256: ae241f3c5fb1c521446e9d496689ce928b369d1891686f8a6ea579a9a0a70aae
ovirt-engine-tools-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 2350610a979e62be5f591bafd97f8f58f4070d3a29e202532e1c9b5f6f12b75a
ovirt-engine-tools-backup-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 21b6a2c774ccf711f149a56553ec1352e95731e3d3d47e76a8823503b8730206
ovirt-engine-vmconsole-proxy-helper-4.5.3.7-1.el8ev.noarch.rpm SHA-256: a57cc859d13efd8f59392ade457894448993a173ee45b880e528e723912104f9
ovirt-engine-webadmin-portal-4.5.3.7-1.el8ev.noarch.rpm SHA-256: bba797349b9972fdf3d04c8999a6d6940b489f6555acfb58e0103c3e50e24211
ovirt-engine-websocket-proxy-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 23e70400d03caff30c07fa0ed6fb40bde1b0d2bca29c7ae5f1def528fed86609
postgresql-jdbc-42.2.14-2.el8ev.noarch.rpm SHA-256: 8f68c7d712ee19ec6ebb6aab820cf0390b6d12a1459872a380c5af184da4b5ad
postgresql-jdbc-javadoc-42.2.14-2.el8ev.noarch.rpm SHA-256: 6a342dbcfbd8227e0276026aa8d4479f18c8c18349eafb591c4676ca24b846ab
python3-ovirt-engine-lib-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 0cc9111884a92ec7cbf6519ee407581b903c77a23cdd7458333d3bf89f8aa673
rhvm-4.5.3.7-1.el8ev.noarch.rpm SHA-256: 75e1a544ba3313690cccf264e433a637b8c96b41e2644479d3e6bbcfc0dedc9a

Red Hat Enterprise Linux for x86_64 8

SRPM
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm SHA-256: 0cd3b68e11dd6cb8c5613052f1739df9aca849be712b52fa8e47c0d849ed7551
x86_64
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm SHA-256: 5b496fda466662120f7a9429c2aa8b274e65156b9a97082de8c9455cc8439ccc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.