RHEL 7 : Virtualization Manager (RHSA-2018:2071)
Medium Nessus Plugin ID 110796
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager 4.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
The following packages have been upgraded to a later version:
* org.ovirt.engine-root (184.108.40.206). (BZ#1576752)
Security Fix(es):
* ovirt-engine: Unfiltered password when choosing manual db provisioning (CVE-2018-1075)
* ovirt-engine-setup: unfiltered db password in engine-backup log (CVE-2018-1072)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
These issues were discovered by Yedidyah Bar David (Red Hat).
Bug Fix(es):
* This update enables engine-setup to upgrade PostgreSQL 9.2 to 9.5, even when the locale of the 9.2 database is different from the system locale. (BZ#1579268)
* This update fixes an inefficient query that is generated when users click on the 'Users' tab in the Administration Portal. The fix ensures that the tab loads more quickly. (BZ#1583619)
* The storage domain's General sub-tab in the Administration Portal now shows the number of images on the storage domain under the rubric 'Images'; this corresponds to the number of LVs on a block domain.
Solution
Update the affected packages.