Red Hat RHSA-2021-2180-01 Moderate: RHV Engine Security Fix

red hat

June 1, 2021

Updated dependency packages for ovirt-engine and ovirt-host that fix several security flaws, bugs and add various enhancements are now available

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* ansible: user data leak in snmp_facts module (CVE-2021-20178)
* ansible module: bitbucket_pipeline_variable exposes secured values (CVE-2021-20180)
* ansible: multiple modules expose secured values (CVE-2021-20191)
* ansible: basic.py no_log with fallback option (CVE-2021-20228)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Red Hat Virtualization 4.4.6 now requires Ansible 2.9.18 (BZ#1933672)

Topics Covered

security advisory security update Red Hat vulnerability Moderate ansible RHV Engine

References

https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8:
Source: ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm python-ovirt-engine-sdk4-4.4.12-1.el8ev.src.rpm rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.src.rpm
noarch: ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm
ppc64le: python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-4.4.12-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.ppc64le.rpm
x86_64: python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-4.4.12-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.12-1.el8ev.x86_64.rpm rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.x86_64.rpm rubygem-ovirt-engine-sdk4-debuginfo-4.4.1-1.el8ev.x86_64.rpm rubygem-ovirt-engine-sdk4-debugsource-4.4.1-1.el8ev.x86_64.rpm rubygem-ovirt-engine-sdk4-doc-4.4.1-1.el8ev.x86_64.rpm
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source: ansible-2.9.18-1.el8ae.src.rpm ovirt-ansible-collection-1.4.2-1.el8ev.src.rpm python-ovirt-engine-sdk4-4.4.12-1.el8ev.src.rpm
noarch: ansible-2.9.18-1.el8ae.noarch.rpm ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm
ppc64le: python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-4.4.12-1.el8ev.ppc64le.rpm

Read the Full Advisory

Advisory ID: RHSA-2021:2180-01

Product: Red Hat Virtualization

Advisory URL: https://access.redhat.com/errata/RHSA-2021:2180

Issue date: 2021-06-01

Topic

Updated dependency packages for ovirt-engine and ovirt-host that fixseveral security flaws, bugs and add various enhancements are nowavailable.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory security update Red Hat vulnerability Moderate ansible RHV Engine

Relevant Releases Architectures

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 - noarch, ppc64le, x86_64

Bugs Fixed

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module

1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values

1916813 - CVE-2021-20191 ansible: multiple modules expose secured values

1924590 - "FIPS mode is not enabled as required" error occur in "Enforce FIPS mode" task when deploying hosted engine

1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option

1933238 - Allow migration of vms in between the clusters using ansible

1933672 - Ansible security advisory RHSA-2021:0663 not included in RHV

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat RHSA-2021-2180-01 Moderate: RHV Engine Security Fix

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat RHSA-2021-2180-01 Moderate: RHV Engine Security Fix

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!