Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat 8.2 Moderate Security Advisory: KVM and Virt Module Update

red hat
Calendar Grey September 30, 2021
Dist Redhat Esm H88
Debian issues Important vulnerability patches for web:10 and web-devel:10 packages to boost system defense.
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.2.1

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* QEMU: usbredir: free() call on invalid pointer in bufp_alloc() (CVE-2021-3682)
* ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records (CVE-2021-33285)
* ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)
* ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes (CVE-2021-33287)
* ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)
* ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)
* ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections (CVE-2021-35267)
* ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode (CVE-2021-35268)
* ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT (CVE-2021-35269)
* ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)
* ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)
* ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)
* ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize() (CVE-2021-39254)
* ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute (CVE-2021-39255)
* ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)
* ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)
* ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)
* ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length (CVE-2021-39259)
* ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)
* ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)
* ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)
* ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute (CVE-2021-39263)
* libvirt: Insecure sVirt label generation (CVE-2021-3631)
* libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2021-3631 https://access.redhat.com/security/cve/CVE-2021-3667 https://access.redhat.com/security/cve/CVE-2021-3682 https://access.redhat.com/security/cve/CVE-2021-33285 https://access.redhat.com/security/cve/CVE-2021-33286 https://access.redhat.com/security/cve/CVE-2021-33287 https://access.redhat.com/security/cve/CVE-2021-33289 https://access.redhat.com/security/cve/CVE-2021-35266 https://access.redhat.com/security/cve/CVE-2021-35267 https://access.redhat.com/security/cve/CVE-2021-35268 https://access.redhat.com/security/cve/CVE-2021-35269 https://access.redhat.com/security/cve/CVE-2021-39251 https://access.redhat.com/security/cve/CVE-2021-39252 https://access.redhat.com/security/cve/CVE-2021-39253 https://access.redhat.com/security/cve/CVE-2021-39254 https://access.redhat.com/security/cve/CVE-2021-39255 https://access.redhat.com/security/cve/CVE-2021-39256 https://access.redhat.com/security/cve/CVE-2021-39257 https://access.redhat.com/security/cve/CVE-2021-39258 https://access.redhat.com/security/cve/CVE-2021-39259 https://access.redhat.com/security/cve/CVE-2021-39260 https://access.redhat.com/security/cve/CVE-2021-39261 https://access.redhat.com/security/cve/CVE-2021-39262 Read the Full Advisory

Package List

Advanced Virtualization for RHEL 8.2.1:
Source: SLOF-20191022-3.git899d9883.module+el8.2.0+5449+efc036dd.src.rpm hivex-1.3.18-20.module+el8.2.0+5588+63a201c3.src.rpm libguestfs-1.40.2-24.module+el8.2.1+7154+47ffd890.src.rpm libguestfs-winsupport-8.2-2.module+el8.2.1+12663+d52ebc0d.src.rpm libiscsi-1.18.0-8.module+el8.2.0+4793+b09dd2fb.src.rpm libnbd-1.2.2-1.module+el8.2.0+5644+32ac38d4.src.rpm libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.2.0+4793+b09dd2fb.src.rpm libvirt-6.0.0-25.6.module+el8.2.1+12457+868e9540.src.rpm libvirt-dbus-1.3.0-2.module+el8.2.0+4793+b09dd2fb.src.rpm libvirt-python-6.0.0-1.module+el8.2.0+5453+31b2b136.src.rpm nbdkit-1.16.2-4.module+el8.2.1+6710+effcb1df.src.rpm netcf-0.2.8-12.module+el8.2.0+4793+b09dd2fb.src.rpm perl-Sys-Virt-6.0.0-1.module+el8.2.0+5488+267def79.src.rpm python-pyvmomi-6.7.1-7.module+el8.2.0+4793+b09dd2fb.src.rpm qemu-kvm-4.2.0-29.module+el8.2.1+12598+39ddf37a.9.src.rpm seabios-1.13.0-2.module+el8.2.1+7284+aa32a2c4.src.rpm sgabios-0.20170427git-3.module+el8.2.0+4793+b09dd2fb.src.rpm supermin-5.1.19-10.module+el8.2.0+4793+b09dd2fb.src.rpm swtpm-0.2.0-2.20200127gitff5a83b.module+el8.2.0+5579+d71178e0.src.rpm virglrenderer-0.8.2-1.module+el8.2.0+5777+d9c2af8c.src.rpm
aarch64:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:3704-01
Product: Advanced Virtualization
Advisory URL: Issue date: 2021-09-30

Topic

An update for the virt:8.2 and virt-devel:8.2 modules is now available forRed Hat Enterprise Linux Advanced Virtualization 8.2.1.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Advanced Virtualization CodeReady Builder for RHEL 8.2.1 - aarch64, ppc64le, s390x, x86_64

Advanced Virtualization for RHEL 8.2.1 - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1977726 - CVE-2021-3631 libvirt: Insecure sVirt label generation

1986094 - CVE-2021-3667 libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API

1989651 - CVE-2021-3682 QEMU: usbredir: free() call on invalid pointer in bufp_alloc()

2001608 - CVE-2021-33285 ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records

2001609 - CVE-2021-33286 ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string

2001613 - CVE-2021-33287 ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes

2001616 - CVE-2021-33289 ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section

2001619 - CVE-2021-35266 ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname

2001621 - CVE-2021-35267 ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections

2001623 - CVE-2021-35268 ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode

2001645 - CVE-2021-35269 ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT

2001649 - CVE-2021-39251 ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open()

2001650 - CVE-2021-39252 ntfs-3g: Out-of-bounds read in ntfs_ie_lookup()

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here