Alerts This Week
Warning Icon 1 825
Alerts This Week
Warning Icon 1 825

Red Hat OpenShift 4.9.0 RHSA-2021:4103-01 Moderate: DoS Issues

red hat
Calendar Grey November 2, 2021
Dist Redhat Esm H88
Safety bulletin for Red Hat OpenShift Virtualization 4.9.0, tackling moderate vulnerabilities and providing corrections.
Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.9.0 RPMs.
Security Fix(es):
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat DoS issue bug fix moderate impact virtualization OpenShift

References

https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-31525 https://access.redhat.com/security/updates/classification/#moderate

Package List

CNV 4.9 for RHEL 7:
Source: kubevirt-4.9.0-287.el7.src.rpm
x86_64: kubevirt-virtctl-4.9.0-287.el7.x86_64.rpm kubevirt-virtctl-redistributable-4.9.0-287.el7.x86_64.rpm
CNV 4.9 for RHEL 8:
Source: kubevirt-4.9.0-287.el8.src.rpm
x86_64: kubevirt-virtctl-4.9.0-287.el8.x86_64.rpm kubevirt-virtctl-redistributable-4.9.0-287.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Advisory ID: RHSA-2021:4103-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4103
Issue date: 2021-11-02

Topic

Red Hat OpenShift Virtualization release 4.9.0 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat DoS issue bug fix moderate impact virtualization OpenShift

Relevant Releases Architectures

CNV 4.9 for RHEL 7 - x86_64

CNV 4.9 for RHEL 8 - x86_64

Bugs Fixed

1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS

1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

1981345 - 4.9.0 rpms

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here