SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version:
imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ# 1711193, BZ#1717250, BZ#1726917)
Security Fix(es) :
* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)
* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)
* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
SolutionUpdate the affected packages.