RedHat: RHSA-2021-2519:01 Important: RHV-H security update | LinuxS...

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: RHV-H security update (redhat-virtualization-host) 4.3.16
Advisory ID:       RHSA-2021:2519-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2519
Issue date:        2021-06-22
CVE Names:         CVE-2020-24489 CVE-2021-25217 CVE-2021-27219 
=====================================================================

1. Summary:

An update for redhat-virtualization-host is now available for Red Hat
Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch

3. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization
Host.
These packages include redhat-release-virtualization-host. Red Hat
Virtualization Hosts (RHVH) are installed using a special build of Red Hat
Enterprise Linux with only the packages required to host virtual machines.
RHVH features a Cockpit user interface for monitoring the host's resources
and
performing administrative tasks.

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to
an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

* hw: vt-d related privilege escalation (CVE-2020-24489)

* dhcp: stack-based buffer overflow when parsing statements with
colon-separated hex digits in config or lease files in dhcpd and dhclient
(CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits
1948377 - Rebase RHV-H 4.3 EUS on RHGS 3.5.z on RHEL 7 - Batch Update 4
1957238 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #6
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 7:

Source:
redhat-virtualization-host-4.3.16-20210615.0.el7_9.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.16-20210615.0.el7_9.noarch.rpm

RHEL 7-based RHEV-H for RHEV 4 (build requirements):

Source:
redhat-release-virtualization-host-4.3.16-1.el7ev.src.rpm
redhat-virtualization-host-4.3.16-20210615.0.el7_9.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.16-20210615.0.el7_9.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.3.16-1.el7ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.3.16-1.el7ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2021-25217
https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYNHkC9zjgjWX9erEAQgfzA//XmZkMK8f1iQ1hsGb+AMoE4IxHIjKYXA2
B9zKwwpjMcDcTvu0jqx3xeXBc+TVlLa/OvlqOUKORh2s7fRfSL4X6ZCDQJABhggx
pnPFOdpwARI8EZCup/o9msr6EHq6JVMiD7ULuy4HSsvtZKn6GJwUAjVCSKEChtS6
yWeMUXWtA9q1HLKj5cq6q01j+20ytD2lwKFvfY9lfL/pdC3T44V41OwVzGBqrrNw
X4dSiXMrHhxCDh/TzfYbT7DzzX8IGNdb+klCPvVM0xNAazn6FYy/pUq8e3keOxWX
bOImrAqMOxBC3YUiPeserGJB2XOGQ37C2ZPFiKguBL2BhSno90GAC1GXGyQRCMJi
vAPUS1MKLqbQQQ7pkvVnOGbWHPCHpbdKV8Ue1mbleGOMNHbBkYF4ZwSb7ZLS0S1v
7/pf/6hi9mhuVPrD12ish4yDhlZJzkRS3YE053ZUQzf0LzBk/1ogv1gEif6GKBzo
oFsaRH0p12m1x/bqf6n4JjMkccJ4ryOvDu5/U7ZB55cJITf8xAzvjF+CURQT8UJh
sna7/RvUNNTimQoC3iMc+Q7wowgSDD5N633h/mdyFHvOG1qPQVw5SKdhWmC4fF7n
G7eEbyyMNgvK89T4DnDdzwKgSvGAc3EyieHAz8WmVpvG2uXrFR0KVVB05hHALXec
BAhPsCZy2AU=
=Nety
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-2519:01 Important: RHV-H security update

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Summary

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
* glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)
* hw: vt-d related privilege escalation (CVE-2020-24489)
* dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/2974891

References

https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2021-25217 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Virtualization 4 Hypervisor for RHEL 7:
Source: redhat-virtualization-host-4.3.16-20210615.0.el7_9.src.rpm
noarch: redhat-virtualization-host-image-update-4.3.16-20210615.0.el7_9.noarch.rpm
RHEL 7-based RHEV-H for RHEV 4 (build requirements):
Source: redhat-release-virtualization-host-4.3.16-1.el7ev.src.rpm redhat-virtualization-host-4.3.16-20210615.0.el7_9.src.rpm
noarch: redhat-virtualization-host-image-update-4.3.16-20210615.0.el7_9.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.16-1.el7ev.noarch.rpm
x86_64: redhat-release-virtualization-host-4.3.16-1.el7ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2021:2519-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2519
Issued Date: : 2021-06-22
CVE Names: CVE-2020-24489 CVE-2021-25217 CVE-2021-27219

Topic

An update for redhat-virtualization-host is now available for Red HatVirtualization 4 for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64

Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch

Bugs Fixed

1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits

1948377 - Rebase RHV-H 4.3 EUS on RHGS 3.5.z on RHEL 7 - Batch Update 4

1957238 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #6

1962650 - CVE-2020-24489 hw: vt-d related privilege escalation

1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.