Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 744
Alerts This Week
Warning Icon 1 744

Red Hat Virtualization 4.3: Security Fix RHSA-2019-3024-01 for ovirt-web-ui

red hat
Calendar Grey October 10, 2019
Dist Redhat Esm H88
This advisory covers the ovirt-web-ui update for Red Hat Virtualization 4.3, detailing necessary bug fixes and security updates.
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The ovirt-web-ui package provides the web interface for Red Hat Virtualization.
Security Fix(es):
* nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Known moderate severity security vulnerability detected by GitHub on ovirt-web-ui components (BZ#1694032)

References

https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-10744 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/updates/classification#moderate

Package List

RHV-M 4.3:
Source: ovirt-web-ui-1.6.0-1.el7ev.src.rpm
noarch: ovirt-web-ui-1.6.0-1.el7ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2019:3024-01
Product: Red Hat Virtualization
Issue date: 2019-10-10

Topic

An update for ovirt-web-ui is now available for Red Hat VirtualizationEngine 4.3.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

RHV-M 4.3 - noarch

Bugs Fixed

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute

1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection

1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.