RedHat: RHSA-2021-4703 Important: RHV Engine Security Update
red hat
November 16, 2021
Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/2974891
Summary
The ovirt-engine package provides the Red Hat Virtualization Manager, a
centralized management platform that allows system administrators to view
and manage virtual machines. The Manager provides a comprehensive range of
features including search capabilities, resource management, live
migrations, and virtual infrastructure provisioning.
The ovirt.ovirt package (previously ovirt-ansible-collection) manages all
oVirt Ansible modules.
The ovirt-ansible-hosted-engine-setup package provides an Ansible role for
deploying Red Hat Virtualization Hosted-Engine.
otopi is a standalone, plug-in based installation framework to be used to
set up system components. The plug-in nature provides simplicity to add new
installation functionality without the complexity of the state and
transaction management.
Security Fix(es):
* Ansible: ansible-connection module discloses sensitive info in traceback
error message (CVE-2021-3620)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* A playbook executed by Ansible Engine 2.9.25 inside a virtual machine
running on Red Hat Virtualization 4.4.9 correctly detects that this is a
virtual machine running on Red Hat Virtualization by using Ansible facts.
(BZ#1904085)
* Red Hat Virtualization now supports Ansible-2.9.27 for internal usage.
(BZ#2003671)
* Previously, upgrading from Red Hat Virtualization 4.3 failed when using
an isolated network during IPv6 deployment. In this release, a forward
network is used instead of an isolated network during an IPv6 deployment.
As a result, upgrade from Red Hat Virtualization 4.3 using IPv6 now
succeeds. (BZ#1947709)
References
https://access.redhat.com/security/cve/CVE-2021-3620 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8:
Source:
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm
noarch:
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source:
ansible-2.9.27-1.el8ae.src.rpm
otopi-1.9.6-2.el8ev.src.rpm
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm
ovirt-imageio-2.3.0-1.el8ev.src.rpm
noarch:
ansible-2.9.27-1.el8ae.noarch.rpm
otopi-common-1.9.6-2.el8ev.noarch.rpm
otopi-debug-plugins-1.9.6-2.el8ev.noarch.rpm
ovirt-ansible-collection-1.6.5-1.el8ev.noarch.rpm
python3-otopi-1.9.6-2.el8ev.noarch.rpm
ppc64le:
ovirt-imageio-client-2.3.0-1.el8ev.ppc64le.rpm
ovirt-imageio-common-2.3.0-1.el8ev.ppc64le.rpm
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.ppc64le.rpm
ovirt-imageio-daemon-2.3.0-1.el8ev.ppc64le.rpm
ovirt-imageio-debugsource-2.3.0-1.el8ev.ppc64le.rpm
x86_64:
ovirt-imageio-client-2.3.0-1.el8ev.x86_64.rpm
ovirt-imageio-common-2.3.0-1.el8ev.x86_64.rpm
ovirt-imageio-common-debuginfo-2.3.0-1.el8ev.x86_64.rpm
ovirt-imageio-daemon-2.3.0-1.el8ev.x86_64.rpm
ovirt-imageio-debugsource-2.3.0-1.el8ev.x86_64.rpm
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source:
ansible-2.9.27-1.el8ae.src.rpm
otopi-1.9.6-2.el8ev.src.rpm
ovirt-ansible-collection-1.6.5-1.el8ev.src.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2021:4703-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4703
Issue date: 2021-11-16
Topic
Updated dependency packages for ovirt-engine and ovirt-host that fixseveral bugs and add various enhancements are now available.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64
Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 - noarch
Bugs Fixed
1947709 - [IPv6] HostedEngineLocal is an isolated libvirt network, breaking upgrades from 4.3
1975767 - CVE-2021-3620 Ansible: ansible-connection module discloses sensitive info in traceback error message
2003671 - Bump Ansible distributed within RHV channels to 2.9.27
2010670 - Upgrade otopi to 1.9.6
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!