For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
Security Fix(es):
* kubevirt: VMIs can be used to access host files (CVE-2020-14316)
* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements.
This advisory contains the following OpenShift Virtualization 2.4.0 images:
RHEL-7-CNV-2.4
==============
kubevirt-ssp-operator-container-v2.4.0-71

RHEL-8-CNV-2.4
==============
virt-cdi-controller-container-v2.4.0-29
virt-cdi-uploadproxy-container-v2.4.0-29
hostpath-provisioner-container-v2.4.0-25
virt-cdi-operator-container-v2.4.0-29
kubevirt-metrics-collector-container-v2.4.0-18
cnv-containernetworking-plugins-container-v2.4.0-36
kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18
hostpath-provisioner-operator-container-v2.4.0-31
virt-cdi-uploadserver-container-v2.4.0-29
virt-cdi-apiserver-container-v2.4.0-29
virt-controller-container-v2.4.0-58
virt-cdi-cloner-container-v2.4.0-29
kubevirt-template-validator-container-v2.4.0-21
vm-import-operator-container-v2.4.0-21
kubernetes-nmstate-handler-container-v2.4.0-37
node-maintenance-operator-container-v2.4.0-27
virt-operator-container-v2.4.0-58
kubevirt-v2v-conversion-container-v2.4.0-23
cnv-must-gather-container-v2.4.0-73
virtio-win-container-v2.4.0-15
kubevirt-cpu-node-labeller-container-v2.4.0-19
ovs-cni-plugin-container-v2.4.0-37
kubevirt-vmware-container-v2.4.0-21
hyperconverged-cluster-operator-container-v2.4.0-70
virt-handler-container-v2.4.0-58
virt-cdi-importer-container-v2.4.0-29
virt-launcher-container-v2.4.0-58
kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17
virt-api-container-v2.4.0-58
ovs-cni-marker-container-v2.4.0-38
kubemacpool-container-v2.4.0-39
cluster-network-addons-operator-container-v2.4.0-38
bridge-marker-container-v2.4.0-39
vm-import-controller-container-v2.4.0-21
hco-bundle-registry-container-v2.3.0-497

References:
https://access.redhat.com/security/cve/CVE-2018-7263
https://access.redhat.com/security/cve/CVE-2018-9251
https://access.redhat.com/security/cve/CVE-2018-14404
https://access.redhat.com/security/cve/CVE-2018-18074
https://access.redhat.com/security/cve/CVE-2018-19519
https://access.redhat.com/security/cve/CVE-2018-20060
https://access.redhat.com/security/cve/CVE-2018-20337
https://access.redhat.com/security/cve/CVE-2018-20852
https://access.redhat.com/security/cve/CVE-2019-1547
https://access.redhat.com/security/cve/CVE-2019-1549
https://access.redhat.com/security/cve/CVE-2019-1563
https://access.redhat.com/security/cve/CVE-2019-3016
https://access.redhat.com/security/cve/CVE-2019-3825
https://access.redhat.com/security/cve/CVE-2019-3843
https://access.redhat.com/security/cve/CVE-2019-3844
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5436
https://access.redhat.com/security/cve/CVE-2019-5481
https://access.redhat.com/security/cve/CVE-2019-5482
https://access.redhat.com/security/cve/CVE-2019-8457
https://access.redhat.com/security/cve/CVE-2019-11236
https://access.redhat.com/security/cve/CVE-2019-11324
https://access.redhat.com/security/cve/CVE-2019-12447
https://access.redhat.com/security/cve/CVE-2019-12448
Red Hat OpenShift Virtualization release 2.4.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
1684772 - virt-launcher images do not have the edk2-ovmf package installed
1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency
1724978 - [RFE][v2v] Improve the way we display progress percent in UI
1725672 - CDI: getting error with "unknown reason" when trying to create UploadTokenRequest for a none existing pvc
1727117 - [RFE] Reduce installed libvirt components
1780473 - Delete VM is hanging if the corresponding template does not exist anymore
1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue.
1789564 - Failed to allocate a SRIOV VF to VMI
1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent
1796342 - VM Failing to start since hard disk not ready
1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue)
1805044 - No mem/filesystem/Network Utilization in VM overview
1806288 - [CDI] fails to import images that comes from url that reject HEAD requests
1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server* templates, windows-server* should not have desktop version
1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable
1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state)