Linux Security

    RedHat: RHSA-2020-3247:01 Important: RHV Manager (ovirt-engine) 4.4

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update
    Advisory ID:       RHSA-2020:3247-01
    Product:           Red Hat Virtualization
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3247
    Issue date:        2020-08-04
    CVE Names:         CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 
                       CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 
                       CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 
                       CVE-2020-11023 
    =====================================================================
    
    1. Summary:
    
    Updated ovirt-engine packages that fix several bugs and add various
    enhancements are now available.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64
    
    3. Description:
    
    The ovirt-engine package provides the Red Hat Virtualization Manager, a
    centralized management platform that allows system administrators to view
    and manage virtual machines. The Manager provides a comprehensive range of
    features including search capabilities, resource management, live
    migrations, and virtual infrastructure provisioning. 
    
    The Manager is a JBoss Application Server application that provides several
    interfaces through which the virtual environment can be accessed and
    interacted with, including an Administration Portal, a VM Portal, and a
    Representational State Transfer (REST) Application Programming Interface
    (API).
    
    A list of bugs fixed in this update is available in the Technical Notes
    book:
    
    https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
    
    Security Fix(es):
    
    * apache-commons-beanutils: does not suppress the class property in
    PropertyUtilsBean by default (CVE-2019-10086)
    
    * libquartz: XXE attacks via job description (CVE-2019-13990)
    
    * novnc: XSS vulnerability via the messages propagated to the status field
    (CVE-2017-18635)
    
    * bootstrap: XSS in the tooltip or popover data-template attribute
    (CVE-2019-8331)
    
    * nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)
    
    * ovirt-engine: response_type parameter allows reflected XSS
    (CVE-2019-19336)
    
    * nodejs-minimist: prototype pollution allows adding or modifying
    properties of Object.prototype using a constructor or __proto__ payload
    (CVE-2020-7598)
    
    * ovirt-engine: Redirect to arbitrary URL allows for phishing
    (CVE-2020-10775)
    
    * Cross-site scripting due to improper in jQuery.htmlPrefilter method
    (CVE-2020-11022)
    
    * jQuery: passing HTML containing 
