RedHat: RHSA-2021-1184:01 Moderate: RHV RHEL Host (ovirt-host) 4.4....
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: RHV RHEL Host (ovirt-host) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement
Advisory ID:       RHSA-2021:1184-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1184
Issue date:        2021-04-14
CVE Names:         CVE-2020-28458 
=====================================================================

1. Summary:

Updated host packages that fix several bugs and add various enhancements
are now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64

3. Description:

The ovirt-hosted-engine-setup package provides a self-hosted engine tool
for the Red Hat Virtualization Manager. A self-hosted engine is a
virtualized environment in which the Manager runs on a virtual machine on
the hosts managed by the Manager.
Bug Fix(es):

* In this release, it is now possible to enter a path to the OVA archive
for local appliance installation using the cockpit-ovirt UI. (BZ#1755156)

* Previously, following a successful migration on the Self-hosted Engine,
he HA agent on the source host immediately moved to the state EngineDown,
and shorly thereafter tried to start the engine locally, if the destination
host didn't update the shared storage quickly enough, marking the Manager
virtual machine as being up.
As a result, starting the virtual machine failed due to a shared lock held
by the destination host. This also resulted in generating false alarms and
notifications.
In this release, the HA agent first moves to the state EngineMaybeAway,
providing the destination host more time to update the shared storage with
the updated state. As a result, no notifications or false alarms are
generated. 
Note: in scenarios where the virtual machine needs to be started on the
source host, this fix slightly increases the time it takes the Manager
virtual
machine on the source host to start. (BZ#1815589)

* Previously, if a host in the Self-hosted Engine had an ID number higher
than 64, other hosts did not recognize that host, and the host did not
appear in 'hosted-engine --vm-status'.
In this release, the Self-hosted Engine allows host ID numbers of up to
2000. (BZ#1916032)

* ovirt-hosted-engine-setup now requires ansible-2.9.17. (BZ#1921108)

* Previously the logical names for disks without a mounted filesystem were
not displayed in the Red Hat Virtualization Manager. 
In this release, logical names for such disks are properly reported
provided the version of QEMU Guest Agent in the virtual machine is 5.2 or
higher. (BZ#1836661)

* Previously, if the Seal option was used when creating a template for
Linux virtual machines, the original host name was not removed from the
template. 
In this release, the host name is set to localhost or the new virtual
machine host name. (BZ#1860492)

* Previously, the used memory of the host didn't take the SReclaimable
memory into consideration while it did for free memory. As a result, there
were discrepancies in the host statistics. 
In this release, the SReclaimable memory is a part of the used memory
calculation. (BZ#1916519)

Security Fix(es):

* datatables.net: prototype pollution if 'constructor' were used in a data
property name (CVE-2020-28458)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1755156 - [RFE] Cockpit: RHV deployment missing local appliance installation
1796415 - Live Merge  and Remove Snapshot fails
1815589 - The HA agent trying to start HE VM in source host after successful HE migration
1836661 - [RFE] GET diskattachments for a VM using qemu-guest-agent is missing a logical_name for disks without monted file-system
1860492 - Create template with option "seal template" from VM snapshot fails to remove VM specific information.
1870435 - StorageDomain.dump() can return {"key" : None} if metadata is missing
1901503 - Misleading error message, displaying Data Center Storage Type instead of its name
1908441 - CVE-2020-28458 datatables.net: prototype pollution if 'constructor' were used in a data property name
1909956 - Failed to authenticate ssh session with host during hosted engine deployment with STIG profile
1916032 - Engine allows deploying HE hosts with spm_id > 64 but broker won't read past slot 64
1916519 - Host memory statistics discrepancies due to SReclaimable
1916947 - The syntax of the entry in '99-vdsm_protect_ifcfg.conf' is incorrect
1917927 - Upgrade cockpit-ovirt to 0.14.19
1919246 - Fix volume status lookup on OSP with Python 3
1921014 - Upgrade ovirt-host to 4.4.5
1921108 - Bump required ansible version in ovirt-hosted-engine-setup

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
cockpit-ovirt-0.14.20-1.el8ev.src.rpm
ovirt-host-4.4.5-1.el8ev.src.rpm
ovirt-hosted-engine-ha-2.4.6-1.el8ev.src.rpm
ovirt-hosted-engine-setup-2.4.9-4.el8ev.src.rpm
v2v-conversion-host-1.16.2-10.el8ev.src.rpm
vdsm-4.40.50.8-1.el8ev.src.rpm

noarch:
cockpit-ovirt-dashboard-0.14.20-1.el8ev.noarch.rpm
ovirt-hosted-engine-ha-2.4.6-1.el8ev.noarch.rpm
ovirt-hosted-engine-setup-2.4.9-4.el8ev.noarch.rpm
v2v-conversion-host-wrapper-1.16.2-10.el8ev.noarch.rpm
vdsm-api-4.40.50.8-1.el8ev.noarch.rpm
vdsm-client-4.40.50.8-1.el8ev.noarch.rpm
vdsm-common-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-cpuflags-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-ethtool-options-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-fcoe-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-localdisk-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-nestedvt-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-openstacknet-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-vhostmd-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-vmfex-dev-4.40.50.8-1.el8ev.noarch.rpm
vdsm-http-4.40.50.8-1.el8ev.noarch.rpm
vdsm-jsonrpc-4.40.50.8-1.el8ev.noarch.rpm
vdsm-python-4.40.50.8-1.el8ev.noarch.rpm
vdsm-yajsonrpc-4.40.50.8-1.el8ev.noarch.rpm

ppc64le:
ovirt-host-4.4.5-1.el8ev.ppc64le.rpm
ovirt-host-dependencies-4.4.5-1.el8ev.ppc64le.rpm
vdsm-4.40.50.8-1.el8ev.ppc64le.rpm
vdsm-hook-checkips-4.40.50.8-1.el8ev.ppc64le.rpm
vdsm-hook-extra-ipv4-addrs-4.40.50.8-1.el8ev.ppc64le.rpm
vdsm-network-4.40.50.8-1.el8ev.ppc64le.rpm

x86_64:
ovirt-host-4.4.5-1.el8ev.x86_64.rpm
ovirt-host-dependencies-4.4.5-1.el8ev.x86_64.rpm
vdsm-4.40.50.8-1.el8ev.x86_64.rpm
vdsm-gluster-4.40.50.8-1.el8ev.x86_64.rpm
vdsm-hook-checkips-4.40.50.8-1.el8ev.x86_64.rpm
vdsm-hook-extra-ipv4-addrs-4.40.50.8-1.el8ev.x86_64.rpm
vdsm-network-4.40.50.8-1.el8ev.x86_64.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:
v2v-conversion-host-1.16.2-10.el8ev.src.rpm
vdsm-4.40.50.8-1.el8ev.src.rpm

noarch:
v2v-conversion-host-ansible-1.16.2-10.el8ev.noarch.rpm
v2v-conversion-host-wrapper-1.16.2-10.el8ev.noarch.rpm
vdsm-hook-cpuflags-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-ethtool-options-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-fcoe-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-localdisk-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-nestedvt-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-openstacknet-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-vhostmd-4.40.50.8-1.el8ev.noarch.rpm
vdsm-hook-vmfex-dev-4.40.50.8-1.el8ev.noarch.rpm

x86_64:
vdsm-hook-checkips-4.40.50.8-1.el8ev.x86_64.rpm
vdsm-hook-extra-ipv4-addrs-4.40.50.8-1.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-28458
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYHbW9NzjgjWX9erEAQjtiQ//fbZMTJVQNTGG/THZGsa2glJWtUHiauSC
HrOlFzCeBWlWUs7SRD3uLiSLm/v1Hef9j4vqRHkSET+bf9gXVeTMX0qC+A+UtNbO
u0Yf0MckpGCGcCD90QDJtcDOHvS92IDs4rLDk1OaTmc0BhvyPJCBkwFkLc/q/v9o
1WBs0/tVaXjYq15SJlt6uSeUOwuvsG/hjzXGAeG1d9TD+yaUe+Dz3gyr2DZkD8hH
52r/EN5/Hqsc+jd2LHHHKrsgZuWgcDYfjH/QRPcIXrXhQ6YAnR6UesD354WE5N6u
xJZ4GubHBxnGOYN3wJghMdgapJ40E+vTQk9nlEofzm0RbZGDjr3W4rt/Gkg2cPHO
NFDswUtVF0H0MzcSUwVQBVfZlBiUsnLWuAOfTuhhqMAbU0Ye+qEsiA0ntjrgUcVL
hzcIwEUdP7n12zV/YIB9rfeKqQt8/NKYgQI+MXlJSlGZOxP71H7IjTWGfIzJYb+r
DCvqkidlngHo1ponO4Cu5WDXJUb6E0Y/bTAKwGgyFJbUZFCyQjOpcFKY7/oSFTVM
6Ce5n16GC5TtsRyT9iTFwCrVYCPJzdwmKINDTGTbv1QYP0yzpanBQtB0qvyhuyLL
Xzo/dSdDuo9+/iCi7W1rVmWvVGW7COeT0LskIeGT1B+Up9HzWjMmXKNXtoTXZuTX
4mysFOP1/HE=
=QjXx
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-1184:01 Moderate: RHV RHEL Host (ovirt-host) 4.4.z

Updated host packages that fix several bugs and add various enhancements are now available

Summary

The ovirt-hosted-engine-setup package provides a self-hosted engine tool for the Red Hat Virtualization Manager. A self-hosted engine is a virtualized environment in which the Manager runs on a virtual machine on the hosts managed by the Manager. Bug Fix(es):
* In this release, it is now possible to enter a path to the OVA archive for local appliance installation using the cockpit-ovirt UI. (BZ#1755156)
* Previously, following a successful migration on the Self-hosted Engine, he HA agent on the source host immediately moved to the state EngineDown, and shorly thereafter tried to start the engine locally, if the destination host didn't update the shared storage quickly enough, marking the Manager virtual machine as being up. As a result, starting the virtual machine failed due to a shared lock held by the destination host. This also resulted in generating false alarms and notifications. In this release, the HA agent first moves to the state EngineMaybeAway, providing the destination host more time to update the shared storage with the updated state. As a result, no notifications or false alarms are generated. Note: in scenarios where the virtual machine needs to be started on the source host, this fix slightly increases the time it takes the Manager virtual machine on the source host to start. (BZ#1815589)
* Previously, if a host in the Self-hosted Engine had an ID number higher than 64, other hosts did not recognize that host, and the host did not appear in 'hosted-engine --vm-status'. In this release, the Self-hosted Engine allows host ID numbers of up to 2000. (BZ#1916032)
* ovirt-hosted-engine-setup now requires ansible-2.9.17. (BZ#1921108)
* Previously the logical names for disks without a mounted filesystem were not displayed in the Red Hat Virtualization Manager. In this release, logical names for such disks are properly reported provided the version of QEMU Guest Agent in the virtual machine is 5.2 or higher. (BZ#1836661)
* Previously, if the Seal option was used when creating a template for Linux virtual machines, the original host name was not removed from the template. In this release, the host name is set to localhost or the new virtual machine host name. (BZ#1860492)
* Previously, the used memory of the host didn't take the SReclaimable memory into consideration while it did for free memory. As a result, there were discrepancies in the host statistics. In this release, the SReclaimable memory is a part of the used memory calculation. (BZ#1916519)
Security Fix(es):
* datatables.net: prototype pollution if 'constructor' were used in a data property name (CVE-2020-28458)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/2974891

References

https://access.redhat.com/security/cve/CVE-2020-28458 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source: cockpit-ovirt-0.14.20-1.el8ev.src.rpm ovirt-host-4.4.5-1.el8ev.src.rpm ovirt-hosted-engine-ha-2.4.6-1.el8ev.src.rpm ovirt-hosted-engine-setup-2.4.9-4.el8ev.src.rpm v2v-conversion-host-1.16.2-10.el8ev.src.rpm vdsm-4.40.50.8-1.el8ev.src.rpm
noarch: cockpit-ovirt-dashboard-0.14.20-1.el8ev.noarch.rpm ovirt-hosted-engine-ha-2.4.6-1.el8ev.noarch.rpm ovirt-hosted-engine-setup-2.4.9-4.el8ev.noarch.rpm v2v-conversion-host-wrapper-1.16.2-10.el8ev.noarch.rpm vdsm-api-4.40.50.8-1.el8ev.noarch.rpm vdsm-client-4.40.50.8-1.el8ev.noarch.rpm vdsm-common-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-cpuflags-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-ethtool-options-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-fcoe-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-localdisk-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-nestedvt-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-openstacknet-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-vhostmd-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-vmfex-dev-4.40.50.8-1.el8ev.noarch.rpm vdsm-http-4.40.50.8-1.el8ev.noarch.rpm vdsm-jsonrpc-4.40.50.8-1.el8ev.noarch.rpm vdsm-python-4.40.50.8-1.el8ev.noarch.rpm vdsm-yajsonrpc-4.40.50.8-1.el8ev.noarch.rpm
ppc64le: ovirt-host-4.4.5-1.el8ev.ppc64le.rpm ovirt-host-dependencies-4.4.5-1.el8ev.ppc64le.rpm vdsm-4.40.50.8-1.el8ev.ppc64le.rpm vdsm-hook-checkips-4.40.50.8-1.el8ev.ppc64le.rpm vdsm-hook-extra-ipv4-addrs-4.40.50.8-1.el8ev.ppc64le.rpm vdsm-network-4.40.50.8-1.el8ev.ppc64le.rpm
x86_64: ovirt-host-4.4.5-1.el8ev.x86_64.rpm ovirt-host-dependencies-4.4.5-1.el8ev.x86_64.rpm vdsm-4.40.50.8-1.el8ev.x86_64.rpm vdsm-gluster-4.40.50.8-1.el8ev.x86_64.rpm vdsm-hook-checkips-4.40.50.8-1.el8ev.x86_64.rpm vdsm-hook-extra-ipv4-addrs-4.40.50.8-1.el8ev.x86_64.rpm vdsm-network-4.40.50.8-1.el8ev.x86_64.rpm
Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source: v2v-conversion-host-1.16.2-10.el8ev.src.rpm vdsm-4.40.50.8-1.el8ev.src.rpm
noarch: v2v-conversion-host-ansible-1.16.2-10.el8ev.noarch.rpm v2v-conversion-host-wrapper-1.16.2-10.el8ev.noarch.rpm vdsm-hook-cpuflags-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-ethtool-options-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-fcoe-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-localdisk-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-nestedvt-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-openstacknet-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-vhostmd-4.40.50.8-1.el8ev.noarch.rpm vdsm-hook-vmfex-dev-4.40.50.8-1.el8ev.noarch.rpm
x86_64: vdsm-hook-checkips-4.40.50.8-1.el8ev.x86_64.rpm vdsm-hook-extra-ipv4-addrs-4.40.50.8-1.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2021:1184-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1184
Issued Date: : 2021-04-14
CVE Names: CVE-2020-28458

Topic

Updated host packages that fix several bugs and add various enhancementsare now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64

Bugs Fixed

1755156 - [RFE] Cockpit: RHV deployment missing local appliance installation

1796415 - Live Merge and Remove Snapshot fails

1815589 - The HA agent trying to start HE VM in source host after successful HE migration

1836661 - [RFE] GET diskattachments for a VM using qemu-guest-agent is missing a logical_name for disks without monted file-system

1860492 - Create template with option "seal template" from VM snapshot fails to remove VM specific information.

1870435 - StorageDomain.dump() can return {"key" : None} if metadata is missing

1901503 - Misleading error message, displaying Data Center Storage Type instead of its name

1908441 - CVE-2020-28458 datatables.net: prototype pollution if 'constructor' were used in a data property name

1909956 - Failed to authenticate ssh session with host during hosted engine deployment with STIG profile

1916032 - Engine allows deploying HE hosts with spm_id > 64 but broker won't read past slot 64

1916519 - Host memory statistics discrepancies due to SReclaimable

1916947 - The syntax of the entry in '99-vdsm_protect_ifcfg.conf' is incorrect

1917927 - Upgrade cockpit-ovirt to 0.14.19

1919246 - Fix volume status lookup on OSP with Python 3

1921014 - Upgrade ovirt-host to 4.4.5

1921108 - Bump required ansible version in ovirt-hosted-engine-setup

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.