rhba-2020_2396
Vulnerability from csaf_redhat
Published
2020-06-04 15:05
Modified
2024-11-15 06:09
Summary
Red Hat Bug Fix Advisory: Red Hat Virtualization Engine security, bug fix 4.3.10
Notes
Topic
An update is now available for Red Hat Virtualization Engine 4.3.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a
centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
PostgreSQL is an open-source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.
Changes to the ovirt-engine component:
* Previously, a new DB was introduced as part of the cinderlib (managed block storage) support, but did not include a backup and restore option. The current release fixes this issue by providing a backup and restore option. (BZ#1820642)
* Previously, the landing page for the RHV Manager did not support scrolling. As a result, with specific resolutions or zoom ratios, some areas of the landing page were not visible, including the link to the Administration Portal. The current release fixes this issue by enabling users to scroll the landing page and access any of the links on it. (BZ#1796136)
* Previously, using the Administration Portal to import a storage domain omitted custom mount options for NFS storage servers. The current release fixes this issue by including the custom mount options. (BZ#1828067)
Changes to the Documentation component:
* The current release adds support for installing Red Hat OpenShift Container Platform (RHOCP) version 4.4 on Red Hat Virtualization (RHV). The installer that deploys RHOCP on RHV automates the process using “installer-provisioned infrastructure.” This installer is available for Linux and macOS only. The resulting RHOCP cluster runs the master and worker nodes on virtual machines in RHV. (BZ#1764779)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Virtualization Engine 4.3.", "title": "Topic" }, { "category": "general", "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nPostgreSQL is an open-source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. \n\nChanges to the ovirt-engine component:\n\n* Previously, a new DB was introduced as part of the cinderlib (managed block storage) support, but did not include a backup and restore option. The current release fixes this issue by providing a backup and restore option. (BZ#1820642)\n\n* Previously, the landing page for the RHV Manager did not support scrolling. As a result, with specific resolutions or zoom ratios, some areas of the landing page were not visible, including the link to the Administration Portal. The current release fixes this issue by enabling users to scroll the landing page and access any of the links on it. (BZ#1796136)\n\n* Previously, using the Administration Portal to import a storage domain omitted custom mount options for NFS storage servers. The current release fixes this issue by including the custom mount options. (BZ#1828067)\n\nChanges to the Documentation component:\n\n* The current release adds support for installing Red Hat OpenShift Container Platform (RHOCP) version 4.4 on Red Hat Virtualization (RHV). The installer that deploys RHOCP on RHV automates the process using \u201cinstaller-provisioned infrastructure.\u201d This installer is available for Linux and macOS only. The resulting RHOCP cluster runs the master and worker nodes on virtual machines in RHV. (BZ#1764779)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2020:2396", "url": "https://access.redhat.com/errata/RHBA-2020:2396" }, { "category": "external", "summary": "1717336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1717336" }, { "category": "external", "summary": "1764779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764779" }, { "category": "external", "summary": "1796136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796136" }, { "category": "external", "summary": "1817450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817450" }, { "category": "external", "summary": "1820642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820642" }, { "category": "external", "summary": "1826789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826789" }, { "category": "external", "summary": "1827039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827039" }, { "category": "external", "summary": "1827350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827350" }, { "category": "external", "summary": "1827611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827611" }, { "category": "external", "summary": "1828067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828067" }, { "category": "external", "summary": "1832218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832218" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_2396.json" } ], "title": "Red Hat Bug Fix Advisory: Red Hat Virtualization Engine security, bug fix 4.3.10", "tracking": { "current_release_date": "2024-11-15T06:09:35+00:00", "generator": { "date": "2024-11-15T06:09:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHBA-2020:2396", "initial_release_date": "2020-06-04T15:05:37+00:00", "revision_history": [ { "date": "2020-06-04T15:05:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-06-04T15:05:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T06:09:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHV-M 4.3", "product": { "name": "RHV-M 4.3", "product_id": "7Server-RHV-S-4.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhev_manager:4.3" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-contrib@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-contrib-syspaths@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-devel@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-docs@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-libs@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-plperl@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-plpython@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-pltcl@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-server@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-server-syspaths@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-static@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-syspaths@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-test@10.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "product": { "name": "rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "product_id": "rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql-debuginfo@10.12-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-postgresql10-postgresql-0:10.12-2.el7.src", "product": { "name": "rh-postgresql10-postgresql-0:10.12-2.el7.src", "product_id": "rh-postgresql10-postgresql-0:10.12-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-postgresql10-postgresql@10.12-2.el7?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.3.10.3-0.2.el7.src", "product": { "name": "ovirt-engine-0:4.3.10.3-0.2.el7.src", "product_id": "ovirt-engine-0:4.3.10.3-0.2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.3.10.3-0.2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extensions-api-impl@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extensions-api-impl-javadoc@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "product_id": "ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "product_id": "python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-ovirt-engine-lib@4.3.10.3-0.2.el7?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-0:4.3.10.3-0.2.el7.noarch", "product": { "name": "rhvm-0:4.3.10.3-0.2.el7.noarch", "product_id": "rhvm-0:4.3.10.3-0.2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm@4.3.10.3-0.2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.3.10.3-0.2.el7.src as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.src" }, "product_reference": "ovirt-engine-0:4.3.10.3-0.2.el7.src", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-0:10.12-2.el7.src as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.src" }, "product_reference": "rh-postgresql10-postgresql-0:10.12-2.el7.src", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64 as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64" }, "product_reference": "rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHV-S-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-0:4.3.10.3-0.2.el7.noarch as a component of RHV-M 4.3", "product_id": "7Server-RHV-S-4.3:rhvm-0:4.3.10.3-0.2.el7.noarch" }, "product_reference": "rhvm-0:4.3.10.3-0.2.el7.noarch", "relates_to_product_reference": "7Server-RHV-S-4.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1720", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798852" } ], "notes": [ { "category": "description", "text": "A flaw was found in PostgreSQL\u0027s \"ALTER ... DEPENDS ON EXTENSION\", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.src", "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.src", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rhvm-0:4.3.10.3-0.2.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1720" }, { "category": "external", "summary": "RHBZ#1798852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798852" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1720", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1720" } ], "release_date": "2020-02-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-04T15:05:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.src", "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.src", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rhvm-0:4.3.10.3-0.2.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2020:2396" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-0:4.3.10.3-0.2.el7.src", "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.10.3-0.2.el7.noarch", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.src", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-devel-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-docs-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-libs-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plperl-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-plpython-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-pltcl-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-static-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-syspaths-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rh-postgresql10-postgresql-test-0:10.12-2.el7.x86_64", "7Server-RHV-S-4.3:rhvm-0:4.3.10.3-0.2.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.