Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]

Related Vulnerabilities: CVE-2020-25649   CVE-2020-25649   CVE-2020-25649  

Source

Synopsis

Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]

Type/Severity

Security Advisory: Low

Topic

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).

Security Fix(es):

  • jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Red Hat Virtualization Manager now requires Ansible 2.9.15. (BZ#1901946)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization Manager 4.4 x86_64

Fixes

  • BZ - 1627997 - [RFE] Allow SPM switching if all tasks have finished via REST-API
  • BZ - 1702237 - [RFE] add API for listing disksnapshots under disk resource
  • BZ - 1796231 - VM disk remains in locked state if image transfer (image download) timesout due to inactivity.
  • BZ - 1868114 - RHV-M UI/Webadmin: The "Disk Snapshots" tab reflects incorrect "Creation Date" information.
  • BZ - 1875951 - Disk hot-unplug fails on engine side with NPE in setDiskVmElements after unplugging from the VM.
  • BZ - 1879655 - [RFE] Implement searching VM's with partial name or case sensitive vm names in VM Portal.
  • BZ - 1880015 - oVirt metrics example Kibana dashboards are broken in Kibana 7.x
  • BZ - 1881115 - RHEL VM icons squashed, please adhere to brand rules
  • BZ - 1881357 - German language greeting page says Red Hat®
  • BZ - 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
  • BZ - 1893035 - rhv-log-collector-analyzer: check for double quotes in IPTablesConfigSiteCustom
  • BZ - 1894298 - ModuleNotFoundError: No module named 'ovirt_engine' raised when starting ovirt-engine-dwhd.py in dev env
  • BZ - 1901946 - [RFE] Bump ovirt-engine version lock to the newest Ansible version
  • BZ - 1903385 - RFE: rhv-image-discrepancies should report if the truesize from VDSM has different size in images in the engine.
  • BZ - 1903595 - [PPC] Can't add PPC host to Engine

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started