oVirt Engine 3.2 Async Update due to security issue

Mike Burns mburns at redhat.com
Thu Sep 12 16:27:13 UTC 2013


A new version of oVirt Engine 3.2 was released today to deal with 
security bug 1007482 [1].

A reflected cross-site scripting (XSS) flaw was found in oVirt Engine An 
attacker could construct a carefully-crafted URL, which once visited by 
an unsuspecting user, could cause the user's web browser to execute 
malicious script in the context the of oVirt Engine domain. (CVE-2013-4181)

This update only fixes this one bug.

Thanks

The oVirt Team


[1] https://bugzilla.redhat.com/show_bug.cgi?id=1007482



More information about the Announce mailing list