
RHSA-2021:2736-01 Important: Red Hat Virtualization Host Security Fixes

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
* systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910)
* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
* ansible: multiple modules expose secured values (CVE-2021-3447)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The redhat-release-virtualization-host package no longer requires vdsm-hooks. In this release, the installation of vdsm-hooks is not mandatory for the Red Hat Virtualization Host. (BZ#1976095)
* Previously, rhsmcertd was not enabled by default on the Red Hat Virtualization Host. As a result, the systems did not regularly report to RHSM while the subscription-manager reported no obvious issues and repositories were properly enabled. In this release, rhsmcertd is enabled by default in RHVH, and as a result, RHSM now receives reports regularly. (BZ#1958145)
* In this release, the Red Hat Virtualization Host has been rebased on top of the RHEL 8.4.0 Batch #1 update. For more information, see the RHEL release notes. (BZ#1957242)
* Red Hat Virtualization Host now includes an updated scap-security-guide-rhv, which allows you to apply a PCI DSS security profile to the system during installation. (BZ#1883793)

References

https://access.redhat.com/security/cve/CVE-2021-3447
https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/cve/CVE-2021-33910
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

Package List

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:
fcoe-utils-1.0.33-3.git848bcc6.el8.src.rpm
redhat-virtualization-host-4.4.7-20210715.1.el8_4.src.rpm
vhostmd-1.1-5.el8.src.rpm

x86_64:
fcoe-utils-1.0.33-3.git848bcc6.el8.x86_64.rpm
fcoe-utils-debuginfo-1.0.33-3.git848bcc6.el8.x86_64.rpm
fcoe-utils-debugsource-1.0.33-3.git848bcc6.el8.x86_64.rpm
redhat-virtualization-host-image-update-4.4.7-20210715.1.el8_4.x86_64.rpm
vhostmd-1.1-5.el8.x86_64.rpm
vhostmd-debuginfo-1.1-5.el8.x86_64.rpm
vhostmd-debugsource-1.1-5.el8.x86_64.rpm
vm-dump-metrics-1.1-5.el8.x86_64.rpm
vm-dump-metrics-debuginfo-1.1-5.el8.x86_64.rpm
vm-dump-metrics-devel-1.1-5.el8.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source:
imgbased-1.2.21-1.el8ev.src.rpm
redhat-release-virtualization-host-4.4.7-3.el8ev.src.rpm
scap-security-guide-0.1.54-2.el8ev.src.rpm

noarch:
imgbased-1.2.21-1.el8ev.noarch.rpm
python3-imgbased-1.2.21-1.el8ev.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.4.7-3.el8ev.noarch.rpm
scap-security-guide-rhv-0.1.54-2.el8ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.4.7-3.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
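The package list above is what an administrator compares an installed host against to decide whether this advisory still applies. The following is an added example, not part of the advisory or of any Red Hat tool: it parses the fixed package names from the list, implements a simplified version of rpm's label comparison (numeric segments compared numerically, alphabetic segments lexically, `~` sorting lowest; the epoch field is ignored), and reports which installed packages are still older than the fixed versions. The installed-package sample is constructed for the example and does not come from a real host.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Fixed binary packages copied from the advisory's Package List section.
ADVISORY_PACKAGES = """
fcoe-utils-1.0.33-3.git848bcc6.el8.x86_64.rpm
redhat-virtualization-host-image-update-4.4.7-20210715.1.el8_4.x86_64.rpm
vhostmd-1.1-5.el8.x86_64.rpm
imgbased-1.2.21-1.el8ev.noarch.rpm
python3-imgbased-1.2.21-1.el8ev.noarch.rpm
redhat-release-virtualization-host-4.4.7-3.el8ev.x86_64.rpm
scap-security-guide-rhv-0.1.54-2.el8ev.noarch.rpm
"""

# Constructed sample of `rpm -qa` output from a host that has not yet taken the
# update. These version strings are made up for the example, not real host data.
INSTALLED_SAMPLE = """
imgbased-1.2.20-1.el8ev.noarch
python3-imgbased-1.2.20-1.el8ev.noarch
redhat-release-virtualization-host-4.4.7-3.el8ev.x86_64
vhostmd-1.1-5.el8.x86_64
scap-security-guide-rhv-0.1.50-1.el8ev.noarch
"""


class Nevra(NamedTuple):
    name: str
    version: str
    release: str
    arch: str


def parse_nevra(label: str) -> Nevra:
    """Split name-version-release.arch[.rpm]; the name may itself contain '-'."""
    label = label.strip()
    if label.endswith(".rpm"):
        label = label[:-4]
    name, version, rel_arch = label.rsplit("-", 2)
    release, arch = rel_arch.rsplit(".", 1)
    return Nevra(name, version, release, arch)


_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm version/release comparison: -1 if a < b, 0 if equal, 1 if a > b.
    Segments are digit runs, letter runs, or '~'; everything else is a separator."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~" or y == "~":          # tilde sorts before anything, even nothing
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
            continue                      # "01" and "1" are equal numerically
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":                    # a trailing "~..." makes the longer label older
        return -1 if a_longer else 1
    return 1 if a_longer else -1          # otherwise the longer label is newer


def compare_evr(installed: Nevra, fixed: Nevra) -> int:
    """Compare version first, then release (epoch is ignored in this example)."""
    c = rpmvercmp(installed.version, fixed.version)
    return c if c else rpmvercmp(installed.release, fixed.release)


def find_outdated(installed_text: str, advisory_text: str) -> List[Tuple[str, str, str]]:
    """Return (name, installed version-release, fixed version-release) for every
    installed package that is older than the version shipped in the advisory."""
    fixed: Dict[Tuple[str, str], Nevra] = {}
    for token in advisory_text.split():
        pkg = parse_nevra(token)
        if pkg.arch != "src":             # only binary packages are installed on hosts
            fixed[(pkg.name, pkg.arch)] = pkg
    outdated = []
    for token in installed_text.split():
        inst = parse_nevra(token)
        want = fixed.get((inst.name, inst.arch))
        if want is not None and compare_evr(inst, want) < 0:
            outdated.append((inst.name, f"{inst.version}-{inst.release}",
                             f"{want.version}-{want.release}"))
    return sorted(outdated)


if __name__ == "__main__":
    for name, have, need in find_outdated(INSTALLED_SAMPLE, ADVISORY_PACKAGES):
        print(f"{name}: installed {have}, advisory ships {need}")
```

On a real host the `INSTALLED_SAMPLE` text would be replaced by the output of `rpm -qa`, and the downloaded RPMs can be checked against the Red Hat key referenced above with `rpm --checksig <package>.rpm` before installation. Note that RHVH is updated as an image (see the article linked under Solution), so the comparison tells you whether the host still needs the update rather than which individual RPMs to install.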


Severity: Important

Advisory ID: RHSA-2021:2736-01
Product: Red Hat Virtualization
Issue date: 2021-07-22

Topic

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64

Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64

Bugs Fixed

1883793 - [RFE] RHV installation with PCI DSS compliance

1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

1955415 - RHVH 4.4: There are AVC denied errors in audit.log after upgrade

1957242 - Rebase RHV-H 4.4.7 on RHEL 8.4.0.1

1958145 - [RHVH 4.4.5] Need to enable rhsmcertd service on the host by default

1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan

1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

1970887 - CVE-2021-33910 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash

1970970 - Rebase RHVH 4.4.6 host image with kernel fix for fnic issue

1976005 - No swap on RHVH 4.4.6

1976095 - redhat-release-virtualization-host-content shouldn't have hard dependency on vdsm hooks

1976118 - Failed to enable unit: Unit file rdma.service does not exist in %post execution

1976146 - Include fcoe-utils package into CDN: rhvh-4-for-rhel-8-x86_64-rpms

1976148 - Include vhostmd package into CDN: rhvh-4-for-rhel-8-x86_64-rpms
