RHSA-2021:2180: Red Hat Security Advisory: RHV Engine and Host Common Packages security update [ovirt-4.4.6]

Updated dependency packages for ovirt-engine and ovirt-host that fix several security flaws, bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Security Fix(es):

• ansible: user data leak in snmp_facts module (CVE-2021-20178)
• ansible module: bitbucket_pipeline_variable exposes secured values (CVE-2021-20180)
• ansible: multiple modules expose secured values (CVE-2021-20191)
• ansible: basic.py no_log with fallback option (CVE-2021-20228) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
• Red Hat Virtualization 4.4.6 now requires Ansible 2.9.18 (BZ#1933672) Related CVEs:
• CVE-2021-20178: ansible: user data leak in snmp_facts module
• CVE-2021-20180: ansible module: bitbucket_pipeline_variable exposes secured values
• CVE-2021-20191: ansible: multiple modules expose secured values
• CVE-2021-20228: ansible: basic.py no_log with fallback option