The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.
A list of bugs fixed in this update is available in the Technical Notes
book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Security Fix(es):
nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS (CVE-2019-20921)
m2crypto: bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)
datatables.net: prototype pollution if ‘constructor’ were used in a data property name (CVE-2020-28458)
nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2020-28477)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.