Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

RedHat: RHSA-2020:4291-01 Important: Virt:8.2 Bug Fix Update

red hat
Calendar Grey October 20, 2020
Dist Redhat Esm H88
Crucial patch released for virty:8.2 and virty-dev:8.2 in RHEL 8.2.1 targeting severe vulnerabilities.
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* move the glusterfs dependency out of qemu-kvm-core to the glusterfs module (BZ#1877431)

Topics%20covered

Topics Covered

security advisory bug fix important RHEL KVM advanced virtualization virt

References

https://access.redhat.com/security/cve/CVE-2020-14364 https://access.redhat.com/security/updates/classification/#important

Package List

Advanced Virtualization for RHEL 8.2.1:
Source: SLOF-20191022-3.git899d9883.module+el8.2.0+5449+efc036dd.src.rpm hivex-1.3.18-20.module+el8.2.0+5588+63a201c3.src.rpm libguestfs-1.40.2-24.module+el8.2.1+7154+47ffd890.src.rpm libguestfs-winsupport-8.2-1.module+el8.2.0+5590+82cd80df.src.rpm libiscsi-1.18.0-8.module+el8.2.0+4793+b09dd2fb.src.rpm libnbd-1.2.2-1.module+el8.2.0+5644+32ac38d4.src.rpm libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.2.0+4793+b09dd2fb.src.rpm libvirt-6.0.0-25.2.module+el8.2.1+7722+a9e38cf3.src.rpm libvirt-dbus-1.3.0-2.module+el8.2.0+4793+b09dd2fb.src.rpm libvirt-python-6.0.0-1.module+el8.2.0+5453+31b2b136.src.rpm nbdkit-1.16.2-4.module+el8.2.1+6710+effcb1df.src.rpm netcf-0.2.8-12.module+el8.2.0+4793+b09dd2fb.src.rpm perl-Sys-Virt-6.0.0-1.module+el8.2.0+5488+267def79.src.rpm python-pyvmomi-6.7.1-7.module+el8.2.0+4793+b09dd2fb.src.rpm qemu-kvm-4.2.0-29.module+el8.2.1+7990+27f1e480.4.src.rpm seabios-1.13.0-2.module+el8.2.1+7284+aa32a2c4.src.rpm sgabios-0.20170427git-3.module+el8.2.0+4793+b09dd2fb.src.rpm supermin-5.1.19-10.module+el8.2.0+4793+b09dd2fb.src.rpm swtpm-0.2.0-2.20200127gitff5a83b.module+el8.2.0+5579+d71178e0.src.rpm virglrenderer-0.8.2-1.module+el8.2.0+5777+d9c2af8c.src.rpm
aarch64:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:4291-01
Product: Advanced Virtualization
Advisory URL: Issue date: 2020-10-20

Topic

An update for the virt:8.2 and virt-devel:8.2 modules is now available forAdvanced Virtualization for RHEL 8.2.1.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory bug fix important RHEL KVM advanced virtualization virt

Relevant Releases Architectures

Advanced Virtualization CodeReady Builder for RHEL 8.2.1 - aarch64, ppc64le, s390x, x86_64

Advanced Virtualization for RHEL 8.2.1 - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1869201 - CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets

1877431 - move the glusterfs dependency out of qemu-kvm-core to the glusterfs module

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here