
Red Hat Virtualization 4.3: Security Fix RHSA-2019-3024-01 for ovirt-web-ui

October 10, 2019
This advisory covers the ovirt-web-ui update for Red Hat Virtualization 4.3, detailing necessary bug fixes and security updates.
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The ovirt-web-ui package provides the web interface for Red Hat Virtualization.

Security Fix(es):

* nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Known moderate severity security vulnerability detected by GitHub on ovirt-web-ui components (BZ#1694032)

References

https://access.redhat.com/security/cve/CVE-2019-8331
https://access.redhat.com/security/cve/CVE-2019-10744
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/updates/classification#moderate

Package List

RHV-M 4.3:
Source: ovirt-web-ui-1.6.0-1.el7ev.src.rpm
noarch: ovirt-web-ui-1.6.0-1.el7ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key
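
To confirm a manager host is at or above the fixed build listed above, the following check can be used. It is an added example, not part of the Red Hat advisory; the function names and the sample version strings other than 1.6.0-1.el7ev are constructed, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: the fixed build comes from the advisory's package list.
FIXED_EVR="1.6.0-1.el7ev"

# is_fixed EVR -> exit 0 if EVR >= FIXED_EVR, 1 if older, 2 if empty.
# Assumption: GNU `sort -V` ordering approximates rpm's comparison, which
# is adequate for builds of the same dist tag (el7ev) as listed here.
is_fixed() {
    [ -n "$1" ] || return 2
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# status_for EVR -> prints a one-word verdict for reporting.
status_for() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif is_fixed "$1"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On an RHV-M host, evaluate the installed build (skipped where rpm is absent).
if command -v rpm >/dev/null 2>&1; then
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' ovirt-web-ui 2>/dev/null) || evr=""
    echo "ovirt-web-ui ${evr:-none}: $(status_for "$evr")"
fi

# Constructed sample versions to show the three outcomes offline.
for sample in 1.5.2-1.el7ev 1.6.0-1.el7ev 1.10.0-1.el7ev; do
    echo "$sample: $(status_for "$sample")"
done
```

A "vulnerable" result means the host still carries a build older than the one that ships the fixes for CVE-2019-10744, CVE-2019-8331 and CVE-2019-11358.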


Advisory ID: RHSA-2019:3024-01
Product: Red Hat Virtualization
Issue date: 2019-10-10

Topic

An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

RHV-M 4.3 - noarch

Bugs Fixed

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute

1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection

1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
