
Red Hat: RHSA-2022-4712-01 Moderate: Python Race Condition Security Fix

May 26, 2022
The latest security update from Red Hat highlights essential improvements for RHV Engine and Host Common Packages, addressing issues of moderate severity.
Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.
Security Fix(es):
* python-paramiko: Race condition in the write_private_key_file function (CVE-2022-24302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
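
CVE-2022-24302 is a race between creating the private key file and restricting its permissions. The sketch below is an added example, not paramiko's or Red Hat's code; it contrasts that pattern with owner-only creation, and its function names and sample data are constructed for illustration.

```python
import os
import stat
import tempfile

SAMPLE = "constructed placeholder, not a real private key\n"

def write_key_racy(path, data, observe=lambda p: None):
    """Create with default permissions, then restrict: the racy pattern."""
    with open(path, "w") as f:          # mode comes from umask, e.g. 0o644
        observe(path)                   # window: file exists, not yet chmod'ed
        f.write(data)
    os.chmod(path, 0o600)

def write_key_atomic(path, data, observe=lambda p: None):
    """Request owner-only permissions in the call that creates the file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(f.fileno(), 0o600)    # covers a pre-existing, looser file
        observe(path)
        f.write(data)

def modes_seen(writer, umask=0o022):
    """Return (mode while the file is open for writing, final mode)."""
    seen = []

    def observe(p):
        seen.append(stat.S_IMODE(os.stat(p).st_mode))

    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "id_test")
            writer(path, SAMPLE, observe)
            final = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)
    return seen[0], final

if __name__ == "__main__":
    for w in (write_key_racy, write_key_atomic):
        during, final = modes_seen(w)
        print(f"{w.__name__}: during write {oct(during)}, final {oct(final)}")
```

Both writers end at mode 0600; only the second never exposes the file with umask-derived permissions while it is being written.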

References

https://access.redhat.com/security/cve/CVE-2022-24302
https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8:
Source:
ansible-collection-ansible-netcommon-2.2.0-3.2.el8ev.src.rpm
ansible-collection-ansible-posix-1.3.0-1.2.el8ev.src.rpm
ansible-collection-ansible-utils-2.3.0-2.2.el8ev.src.rpm
ovirt-ansible-collection-2.0.3-1.el8ev.src.rpm
python-jmespath-0.9.0-11.1.el8ev.src.rpm
python-netaddr-0.7.19-8.1.1.el8ev.src.rpm
python-ovirt-engine-sdk4-4.5.1-1.el8ev.src.rpm
python-passlib-1.7.0-5.1.el8ev.src.rpm
python-pycurl-7.43.0.2-4.1.el8ev.src.rpm

noarch:
ansible-collection-ansible-netcommon-2.2.0-3.2.el8ev.noarch.rpm
ansible-collection-ansible-posix-1.3.0-1.2.el8ev.noarch.rpm
ansible-collection-ansible-utils-2.3.0-2.2.el8ev.noarch.rpm
ovirt-ansible-collection-2.0.3-1.el8ev.noarch.rpm
python3-jmespath-0.9.0-11.1.el8ev.noarch.rpm
python3-netaddr-0.7.19-8.1.1.el8ev.noarch.rpm
python3-passlib-1.7.0-5.1.el8ev.noarch.rpm
python38-jmespath-0.9.0-11.1.el8ev.noarch.rpm
python38-netaddr-0.7.19-8.1.1.el8ev.noarch.rpm
python38-passlib-1.7.0-5.1.el8ev.noarch.rpm

ppc64le:
ovirt-imageio-client-2.4.3-1.el8ev.ppc64le.rpm
ovirt-imageio-common-2.4.3-1.el8ev.ppc64le.rpm
ovirt-imageio-common-debuginfo-2.4.3-1.el8ev.ppc64le.rpm
ovirt-imageio-debuginfo-2.4.3-1.el8ev.ppc64le.rpm
ovirt-imageio-debugsource-2.4.3-1.el8ev.ppc64le.rpm



Advisory ID: RHSA-2022:4712-01
Product: Red Hat Virtualization
Issue date: 2022-05-26

Topic

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 - noarch, ppc64le, x86_64

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 9 - ppc64le, x86_64

Bugs Fixed

1883949 - ovirt_disk Ansible module uses the physical size of a qcow2 file instead of the virtual size

1932149 - Create hosted_storage with the correct storage_format based on the Data-Center level of the backup

1933555 - [RFE] Release python-ovirt-engine-sdk4 package on RHEL 9

1940824 - [RFE] Upgrade OVN/OVS 2.11 in RHV to OVN/OVS 2.15

2004018 - Modify ovirt_disk Ansible module to allow setting the bootable flag only if disk is attached to a virtual machine

2004852 - [RFE] include option to enable/disable virtio scsi support in ovirt_vm module

2006721 - uploading image using ovirt_disk always fails for the first time and works in second attempt

2017070 - Remove manageiq role from oVirt Ansible Collection

2020620 - Hosted engine setup fails on host with DISA STIG profile

2034313 - upgrade otopi to 1.10.0

2044362 - Upgrade ovirt-setup-lib to 1.3.3

2060763 - [RFE] Upgrade OVS 2.11 in RHV to OVS 2.15

2064795 - Build and distribute python38-passlib in RHV channels

2064798 - Build and distribute python38-pycurl in RHV channels

2064799 - Build and distribute python38-jmespath in RHV channels

2064801 - Build and distribute python38-netaddr in RHV channels

2065665 - CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function

2066811 - Hosted engine deployment fails when DISA STIG profile is selected for the engine VM

2071365 - [RFE] Require ansible-core-2.12 in ovirt-ansible-collection
