RHSA-2019:3023: Moderate: ovirt-engine-ui-extensions security and bug fix update
The ovirt-engine-ui-extensions package contains UI plugins that provide various extensions to the oVirt administration UI.

Security Fix(es):

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Known moderate severity security vulnerability detected by GitHub on ovirt-engine-ui-extensions components (BZ#1694035)
Frequently Asked Questions
What is the severity of RHSA-2019:3023?
RHSA-2019:3023 addresses vulnerabilities classified as high severity due to the risk of XSS attacks.
How do I fix RHSA-2019:3023?
To fix RHSA-2019:3023, update the ovirt-engine-ui-extensions package to version 1.0.10-1.el7e or later.
What vulnerabilities are addressed in RHSA-2019:3023?
RHSA-2019:3023 addresses XSS vulnerabilities in the bootstrap framework related to data attributes.
Which package is affected by RHSA-2019:3023?
The ovirt-engine-ui-extensions package is the affected software in RHSA-2019:3023.
Is there a workaround for RHSA-2019:3023?
There are no specific workarounds for RHSA-2019:3023; updating the affected package is recommended.