Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

RedHat RHSA-2019-3023-01 Moderate: ovirt-engine-ui-extensions XSS Attacks

red hat
Calendar Grey October 10, 2019
Dist Redhat Esm H88
The ovirt-engine-ui-extensions release features important updates that fix multiple medium-level security vulnerabilities. For detailed patches and recommendations, refer to the documentation
An update for ovirt-engine-ui-extensions is now available for Red Hat Virtualization Engine 4.3

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The ovirt-engine-ui-extensions package contains UI plugins that provide various extensions to the oVirt administration UI.
Security Fix(es):
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Known moderate severity security vulnerability detected by GitHub on ovirt-engine-ui-extensions components (BZ#1694035)

Topics%20covered

Topics Covered

security advisory moderate security issue bug fix xss attack red hat virtualization ovirt-engine-ui-extensions

References

https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/updates/classification#moderate

Package List

RHV-M 4.3:
Source: ovirt-engine-ui-extensions-1.0.10-1.el7ev.src.rpm
noarch: ovirt-engine-ui-extensions-1.0.10-1.el7ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2019:3023-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3023
Issue date: 2019-10-10

Topic

An update for ovirt-engine-ui-extensions is now available for Red HatVirtualization Engine 4.3.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue bug fix xss attack red hat virtualization ovirt-engine-ui-extensions

Relevant Releases Architectures

RHV-M 4.3 - noarch

Bugs Fixed

1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute

1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property

1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute

1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection

1752576 - [Tracking] ovirt-engine-ui-extensions 1.0.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here