-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement Advisory ID: RHSA-2021:1169-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:1169 Issue date: 2021-04-14 CVE Names: CVE-2019-20921 CVE-2020-25657 CVE-2020-28458 CVE-2020-28477 ===================================================================== 1. Summary: An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch 3. Description: The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes Security Fix(es): * nodejs-bootstrap-select: not escaping title values on