RHSA-2019:2439: Moderate: rhvm-appliance security, bug fix, and enhancement update
The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.<br>The following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255)<br>Security Fix(es):<br><li> rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)</li> <li> openssl: 0-byte record padding oracle (CVE-2019-1559)</li> <li> undertow: leak credentials to log files UndertowLogger.REQUESTLOGGER.undertowRequestFailed (CVE-2019-3888)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2019:2439?
The severity of RHSA-2019:2439 is classified as important.
How do I fix RHSA-2019:2439?
To fix RHSA-2019:2439, upgrade the rhvm-appliance package to version 4.3-20190722.0.el7.
What software is affected by RHSA-2019:2439?
RHSA-2019:2439 affects the rhvm-appliance package in Red Hat Virtualization Manager.
Is there a workaround for RHSA-2019:2439?
There are no immediate workarounds for RHSA-2019:2439; upgrading is recommended.
When was RHSA-2019:2439 released?
RHSA-2019:2439 was released on July 24, 2019.