Issued:: 2024-02-21
Updated:: 2024-02-21

RHSA-2024:0934 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat Virtualization security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Security fixes:

ovirt: authentication bypass (CVE-2024-0822)

Bug fixes:

During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Red Hat Virtualization Manager 4.4 x86_64

Fixes

BZ - 2244641 - During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request
BZ - 2258509 - CVE-2024-0822 ovirt: authentication bypass

CVEs

CVE-2024-0822

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization Manager 4.4

SRPM
ovirt-engine-4.5.3.10-1.el8ev.src.rpm	SHA-256: 12cc1bd9e96442c68583ecd11cf69efef2fa634474a41706d4e9700c450defec
x86_64
ovirt-engine-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: d5c43597f65db7dc4deea8583e80ea31d8308b151ed09e0d9afdc355c3fb2fd9
ovirt-engine-backend-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: f36765ad0d51e0c9c3cc05146546606f0e029ec4161f32e7be7e785825450a18
ovirt-engine-dbscripts-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: e35c6d93dc172f05d6d3e577a21ea7316850bdf3baa14a1486f764248b5af548
ovirt-engine-health-check-bundler-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: db2315964a89df5aaf2b1437e5bfc6ed6947464e9903b78813fe132033e35e24
ovirt-engine-restapi-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: cef4edf88daae5d3d462f287c2e43ca6f1653e4aea0fe13a22b77d377e0f1218
ovirt-engine-setup-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 8e376b370e3646aacb07689901b5d1f6c5b09252aa18a0324ee01f5e1e5807ef
ovirt-engine-setup-base-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 89a0692694e2a8af76f13159e08c49244cf00c9be0f50a13ee77dc7b8bf913be
ovirt-engine-setup-plugin-cinderlib-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 252a565282a45aafad937e8a9b7380d4afea046cf325a2159d62e268e889f406
ovirt-engine-setup-plugin-imageio-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 5e2de17f1cd9d22db988d57bd5bd428917eb03d66b9ad8f6702aa9d5e04a14d2
ovirt-engine-setup-plugin-ovirt-engine-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: a6458b7e1f543c4528dd2e3a1e3a4193790ef2162abbdd3757f3195f6f74c7bc
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: fb11e5a985135ac077d71afa0be709d097333f096402b3f30f9a21a8a8c0f53e
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: ac29fd57a8971f697897bed8f187412dc285b2cdc9f5590dc46b337ec1003ee1
ovirt-engine-setup-plugin-websocket-proxy-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 84a095c4c508eafcfa6e208e968f8d2195b230ce01fc9fcab34b772a5512b661
ovirt-engine-tools-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 7436dc35beeff6888b9800f08d7e738988879eb149a670e7ddc21f5da3541dda
ovirt-engine-tools-backup-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: c50759d0f01ddd6cac78e30744bf93dfecae2220337503dc241559cfb1a9b954
ovirt-engine-vmconsole-proxy-helper-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 22568a00f4da552f4ae3be4d1f1923eda752690068801c16e0ec08980668ce8a
ovirt-engine-webadmin-portal-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 7568e37222494e01e8b942524bb387c665b9d53d53ea9996921d2c38fa6adb2f
ovirt-engine-websocket-proxy-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: aafb1683e83d1286e9123c81bb08018daadf990cb4ccd3e5400fd8071549ac84
python3-ovirt-engine-lib-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: b4dedd4903665ae4e26ec7dce6249d5c0346d229e3b48fde730a9bc3709667ab
rhvm-4.5.3.10-1.el8ev.noarch.rpm	SHA-256: 7e35239c987d66c56d1848f8b8ec293d3c000b8ee562a77534eccedc7284f957

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation