ELSA-2024-12701

Опубликовано: 30 сент. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-12701: ovirt-engine security update (MODERATE)

[4.4.10.7-1.0.33]

Fix external providers properties observability

[4.4.10.7-1.0.32]

Upgrade bundled frontend dependency of jquery-ui

[4.4.10.7-1.0.31]

Allow enrolling certificates in non-responsive state and Extend the lifetime of non-web certificates

[4.4.10.7-1.0.30]

Fix network exception handling and fencing flow logic.

[4.4.10.7-1.0.29]

Fixing the manage events form email display

[4.4.10.7-1.0.28]

Remove taa-no from Secure Skylake Server

[4.4.10.7-1.0.27]

Updating the jquery to 3.6.0

[4.4.10.7-1.0.26]

Check locale for path traversal character

[4.4.10.7-1.0.25]

Hide the icons directory from listable directories

[4.4.10.7-1.0.24]

Fixed the packing of ova where ovf length was changed after encoding

[4.4.10.7-1.0.23]

Fixed the issue of renewing vm-console-proxy and ovn certificates during engine-setup

[4.4.10.7-1.0.22]

Fix the engine url for vmconsole to use https protocol

[4.4.10.7-1.0.21]

Fix classpath for SecureByteArrayOutputStream after apache-sshd-2.9 update

[4.4.10.7-1.0.20]

Wait for loop device to be available

[4.4.10.7-1.0.19]

Clean old nvram file on vm emulator update to uefi secure boot

[4.4.10.7-1.0.18]

Added support to use postgresql-jdbc-42.2.14-1 and spring framework 5.3.19
Cleanup the spec file to remove unneeded or commented lines

[4.4.10.7-1.0.17]

Stopping the ovirt-engine-dwh service and setting the DwhCurrentlyRunning to 0 when changing password encryption from md5 to scram-sha-256.

[4.4.10.7-1.0.16]

Included the condition of origin as NULL while inserting the data in vm_ovf_generations table

[4.4.10.7-1.0.15]

Fix to parse both uppercase and camelcase instanceID in OvfReader

[4.4.10.7-1.0.14]

Back Port from upstream 4.5 - https://gerrit.ovirt.org/c/ovirt-engine/+/116317/

[4.4.10.7-1.0.13]

Remove movirt as it is deprecated upstream

[4.4.10.7-1.0.12]

Changing the password ecryption type in postgres from md5 to scram-sha-256

[4.4.10.7-1.0.11]

Add NumOfPciExpressPorts as configurable attribute

[4.4.10.7-1.0.10]

Forward port - Support for Windows 11 and Windows Server 2022

[4.4.10.7-1.0.9]

Forward port from 4.3.6.6-1.0.16, added Skylake-Server-noTSX-IBRS and Cascadelake-Server-noTSX CPU Types

[4.4.10.7-1.0.8]

Forward Port - Fix qxl video

[4.4.10.7-1.0.7]

Forward Port - Fix NPE during ova import operation

[4.4.10.7-1.0.6]

Forward Port from 4.3 - Handle ova when origin is null and storage disk is block

[4.4.10.7-1.0.5]

Forward Port from 4.3 - Remove unnecessary name length restriction for templates.

[4.4.10.7-1.0.4]

Port forward - Add hsts response header to httpd conf

[4.4.10.7-1.0.3]

Remove memory limit

[4.4.10.7-1.0.2]

Fix OS detection

[4.4.10.7]

Bump version to 4.4.10.7

[4.4.10.6]

Bump version to 4.4.10.6

[4.4.10.5]

Bump version to 4.4.10.5

[4.4.10.4]

Bump version to 4.4.10.4

[4.4.10.3]

Bump version to 4.4.10.3

[4.4.10.2]

Bump version to 4.4.10.2

[4.4.10.1]

Bump version to 4.4.10.1

[4.4.10]

Bump version to 4.4.10

[4.4.9.2]

Bump version to 4.4.9.2

[4.4.9.1]

Bump version to 4.4.9.1

[4.4.9]

Bump version to 4.4.9

[4.4.8.4]

Bump version to 4.4.8.4

[4.4.8.3]

Bump version to 4.4.8.3

[4.4.8.2]

Bump version to 4.4.8.2

[4.4.8.1]

Bump version to 4.4.8.1

[4.4.8]

Bump version to 4.4.8

[4.4.7.6]

Bump version to 4.4.7.6

[4.4.7.5]

Bump version to 4.4.7.5

[4.4.7.4]

Bump version to 4.4.7.4

[4.4.7.3]

Bump version to 4.4.7.3

[4.4.7.2]

Bump version to 4.4.7.2

[4.4.7.1]

Bump version to 4.4.7.1

[4.4.7]

Bump version to 4.4.7

[4.4.6.6]

Bump version to 4.4.6.6

[4.4.6.5]

Bump version to 4.4.6.5

[4.4.6.4]

Bump version to 4.4.6.4

[4.4.6.3]

Bump version to 4.4.6.3

[4.4.6.2]

Bump version to 4.4.6.2

[4.4.6.1]

Bump version to 4.4.6.1

[4.4.6]

Bump version to 4.4.6

[4.4.5.8]

Bump version to 4.4.5.8

[4.4.5.7]

Bump version to 4.4.5.7

[4.4.5.6]

Bump version to 4.4.5.6

[4.4.5.5]

Bump version to 4.4.5.5

[4.4.5.4]

Bump version to 4.4.5.4

[4.4.5.3]

Bump version to 4.4.5.3

[4.4.5.2]

Bump version to 4.4.5.2

[4.4.5.1]

Bump version to 4.4.5.1

[4.4.5]

Bump version to 4.4.5

[4.4.4.5]

Bump version to 4.4.4.5

[4.4.4.4]

Bump version to 4.4.4.4

[4.4.4.3]

Bump version to 4.4.4.3

[4.4.4.2]

Bump version to 4.4.4.2

[4.4.4.1]

Bump version to 4.4.4.1

[4.4.4]

Bump version to 4.4.4

[4.4.3.11]

Bump version to 4.4.3.11

[4.4.3.10]

Bump version to 4.4.3.10

[4.4.3.9]

Bump version to 4.4.3.9

[4.4.3.8]

Bump version to 4.4.3.8

[4.4.3.7]

Bump version to 4.4.3.7

[4.4.3.6]

Bump version to 4.4.3.6

[4.4.3.5]

Bump version to 4.4.3.5

[4.4.3.4]

Bump version to 4.4.3.4

[4.4.3.3]

Bump version to 4.4.3.3

[4.4.3.2]

Bump version to 4.4.3.2

[4.4.3.1]

Bump version to 4.4.3.1

[4.4.3]

Bump version to 4.4.3

[4.4.2.2]

Bump version to 4.4.2.2

[4.4.2.1]

Bump version to 4.4.2.1

[4.4.2]

Bump version to 4.4.2

[4.4.1.8]

Bump version to 4.4.1.8

[4.4.1.7]

Bump version to 4.4.1.7

[4.4.1.6]

Bump version to 4.4.1.6

[4.4.1.5]

Bump version to 4.4.1.5

[4.4.1.4]

Bump version to 4.4.1.4

[4.4.1.3]

Bump version to 4.4.1.3

[4.4.1.2]

Bump version to 4.4.1.2

[4.4.1.1]

Bump version to 4.4.1.1

[4.4.1]

Bump version to 4.4.1

[4.4.0.3]

Bump version to 4.4.0.3

[4.4.0.2]

Bump version to 4.4.0.2

[4.4.0.1]

Bump version to 4.4.0.1

[4.4.0]

Bump version to 4.4.0

[4.3.2.1]

Bump version to 4.3.2.1

[4.3.2]

Bump version to 4.3.2

[4.3.1.1]

Bump version to 4.3.1.1

[4.3.1]

Bump version to 4.3.1

[4.3.0.4]

Bump version to 4.3.0.4

[4.3.0.3]

Bump version to 4.3.0.3

[4.3.0.2]

Bump version to 4.3.0.2

[4.3.0.1]

Bump version to 4.3.0.1

[4.3.0]

Bump version to 4.3.0

[4.2.8.2]

Bump version to 4.2.8.2

[4.2.8.1]

Bump version to 4.2.8.1

[4.2.8]

Bump version to 4.2.8

[4.2.7.3]

Bump version to 4.2.7.3

[4.2.7.2]

Bump version to 4.2.7.2

[4.2.7.1]

Bump version to 4.2.7.1

[4.2.7]

Bump version to 4.2.7

[4.2.6.4]

Bump version to 4.2.6.4

[4.2.6.3]

Bump version to 4.2.6.3

[4.2.6.2]

Bump version to 4.2.6.2

[4.2.6.1]

Bump version to 4.2.6.1

[4.2.6]

Bump version to 4.2.6

[4.2.5.2]

Bump version to 4.2.5.2

[4.2.5.1]

Bump version to 4.2.5.1

[4.2.5]

Bump version to 4.2.5

[4.2.4.5]

Bump version to 4.2.4.5

[4.2.4.4]

Bump version to 4.2.4.4

[4.2.4.3]

Bump version to 4.2.4.3

[4.2.4.2]

Bump version to 4.2.4.2

[4.2.4.1]

Bump version to 4.2.4.1

[4.2.4]

Bump version to 4.2.4

[4.2.3.3]

Bump version to 4.2.3.3

[4.2.3.2]

Bump version to 4.2.3.2

[4.2.3.1]

Bump version to 4.2.3.1

[4.2.3]

Bump version to 4.2.3

[4.2.2.6]

Bump version to 4.2.2.6

[4.2.2.5]

Bump version to 4.2.2.5

[4.2.2.4]

Bump version to 4.2.2.4

[4.2.2.3]

Bump version to 4.2.2.3

[4.2.2.2]

Bump version to 4.2.2.2

[4.2.2.1]

Bump version to 4.2.2.1

[4.2.2]

Bump version to 4.2.2

[4.2.1.4]

Bump version to 4.2.1.4

[4.2.1.3]

Bump version to 4.2.1.3

[4.2.1.2]

Bump version to 4.2.1.2

[4.2.1.1]

Bump version to 4.2.1.1

[4.2.1]

Bump version to 4.2.1

[4.2.0.2]

Bump version to 4.2.0.2

[4.2.0.1]

Bump version to 4.2.0.1

[4.2.0]

Bump version to 4.2.0

[4.1.0]

Add dependency for ovirt-engine-dashboard.
Bump version to 4.1.0

[4.0.0]

Bump version to 4.0.0
Dropped Fedora < 22 and EL < 7 support

[3.6.0]

Update dependencies and removed legacy provides / requires

[3.3.0-1]

Bump version to 3.3.0

[3.2.0-1]

Bump version to 3.2.0

[3.1.0-3]

Removed image uploader, iso uploader, and log collector from this git repo. The are now in their own respective ovirt.org git repos. BZ#803240.

[3.1.0-2]

The ovirt-engine spec file did not previously contain a BuildRequires statement for the maven package. As a result in mock environments the build failed with an error when attempting to call the 'mvn' binary - BZ#807761.

[3.1.0-1]

Adjust code for Jboss AS 7.1

[3.1.0-1]

Moved all hard coded paths to macros

[3.1.0-1]

Initial build
Cloned from RHEVM spec file

Обновленные пакеты

Oracle Linux 8

Oracle Linux x86_64

ovirt-engine

4.4.10.7-1.0.33.el8

ovirt-engine-backend

4.4.10.7-1.0.33.el8

ovirt-engine-dbscripts

4.4.10.7-1.0.33.el8

ovirt-engine-health-check-bundler

4.4.10.7-1.0.33.el8

ovirt-engine-restapi

4.4.10.7-1.0.33.el8

ovirt-engine-setup

4.4.10.7-1.0.33.el8

ovirt-engine-setup-base

4.4.10.7-1.0.33.el8

ovirt-engine-setup-plugin-cinderlib

4.4.10.7-1.0.33.el8

ovirt-engine-setup-plugin-imageio

4.4.10.7-1.0.33.el8

ovirt-engine-setup-plugin-ovirt-engine

4.4.10.7-1.0.33.el8

ovirt-engine-setup-plugin-ovirt-engine-common

4.4.10.7-1.0.33.el8

ovirt-engine-setup-plugin-vmconsole-proxy-helper

4.4.10.7-1.0.33.el8

ovirt-engine-setup-plugin-websocket-proxy

4.4.10.7-1.0.33.el8

ovirt-engine-tools

4.4.10.7-1.0.33.el8

ovirt-engine-tools-backup

4.4.10.7-1.0.33.el8

ovirt-engine-vmconsole-proxy-helper

4.4.10.7-1.0.33.el8

ovirt-engine-webadmin-portal

4.4.10.7-1.0.33.el8

ovirt-engine-websocket-proxy

4.4.10.7-1.0.33.el8

python3-ovirt-engine-lib

4.4.10.7-1.0.33.el8

Связанные CVE

CVE-2024-7259

Ссылки на источники

Связанные уязвимости

CVE-2024-7259

CVSS3: 4.4

redhat

около 1 года назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

CVE-2024-7259

CVSS3: 4.4

nvd

около 1 года назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

GHSA-9gxg-3rjh-xv63

CVSS3: 4.4

github

около 1 года назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.