
Red Hat Enterprise Linux 8 RHSA-2021:4191 moderate virt:rhel security flaws

Red Hat, November 9, 2021
An announcement regarding updates for the virt:rhel and virt-devel:rhel modules has been issued, addressing moderate severity security vulnerabilities in RHEL 8.
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
* QEMU: net: e1000e: use-after-free while sending packets (CVE-2020-15859)
* QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) (CVE-2021-3592)
* QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) (CVE-2021-3593)
* QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) (CVE-2021-3594)
* QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) (CVE-2021-3595)
* libvirt: Insecure sVirt label generation (CVE-2021-3631)
* libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2020-15859
https://access.redhat.com/security/cve/CVE-2021-3592
https://access.redhat.com/security/cve/CVE-2021-3593
https://access.redhat.com/security/cve/CVE-2021-3594
https://access.redhat.com/security/cve/CVE-2021-3595
https://access.redhat.com/security/cve/CVE-2021-3631
https://access.redhat.com/security/cve/CVE-2021-3667
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source:
SLOF-20191022-3.git899d9883.module+el8.3.0+6423+e4cb6418.src.rpm
hivex-1.3.18-21.module+el8.5.0+10709+b3edb581.src.rpm
libguestfs-1.40.2-28.module+el8.5.0+10717+67be7ac4.src.rpm
libguestfs-winsupport-8.2-1.module+el8.3.0+6423+e4cb6418.src.rpm
libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab.src.rpm
libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc.src.rpm
libvirt-6.0.0-37.module+el8.5.0+12162+40884dd2.src.rpm
libvirt-dbus-1.3.0-2.module+el8.3.0+6423+e4cb6418.src.rpm
libvirt-python-6.0.0-1.module+el8.3.0+6423+e4cb6418.src.rpm
nbdkit-1.16.2-4.module+el8.3.0+6922+fd575af8.src.rpm
netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab.src.rpm
perl-Sys-Virt-6.0.0-1.module+el8.3.0+6423+e4cb6418.src.rpm
qemu-kvm-4.2.0-59.module+el8.5.0+12817+cb650d43.src.rpm
seabios-1.13.0-2.module+el8.3.0+7353+9de0a3cc.src.rpm
sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab.src.rpm
supermin-5.1.19-10.module+el8.3.0+6423+e4cb6418.src.rpm

aarch64:
hivex-1.3.18-21.module+el8.5.0+10709+b3edb581.aarch64.rpm
hivex-debuginfo-1.3.18-21.module+el8.5.0+10709+b3edb581.aarch64.rpm
hivex-debugsource-1.3.18-21.module+el8.5.0+10709+b3edb581.aarch64.rpm
hivex-devel-1.3.18-21.module+el8.5.0+10709+b3edb581.aarch64.rpm
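To confirm that a host already carries the fixed builds from the package list above, here is an added example (not Red Hat's tooling): it parses NVRs, compares them with a simplified rpmvercmp, and reports which advisory packages still need the update. The `rpm -qa` sample lines are constructed; the advisory entries are copied from the list.

```python
import re

# Added example, not Red Hat tooling: compare rpm -qa style NVRs from a host
# with the fixed builds in this advisory.  Simplified rpmvercmp (no tilde or
# caret rules); epochs are absent from the advisory list and are ignored.
ADVISORY_PACKAGES = [
    "qemu-kvm-4.2.0-59.module+el8.5.0+12817+cb650d43.src.rpm",
    "libvirt-6.0.0-37.module+el8.5.0+12162+40884dd2.src.rpm",
    "hivex-1.3.18-21.module+el8.5.0+10709+b3edb581.aarch64.rpm",
]
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def parse_nvr(pkg):
    """'name-version-release[.arch.rpm]' -> (name, version, release)."""
    pkg = re.sub(r"\.(src|noarch|aarch64|ppc64le|s390x|x86_64)\.rpm$", "", pkg)
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """rpm ordering: numeric segments compare as integers, alpha segments
    lexically, numeric beats alpha, and leftover segments make a newer."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)       # drops leading zeros
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(installed, advisory=ADVISORY_PACKAGES):
    """Return {name: 'fixed' | 'needs-update'} for installed packages that
    the advisory covers; version decides first, then release."""
    fixed = {n: (v, r) for n, v, r in map(parse_nvr, advisory)}
    verdict = {}
    for name, ver, rel in map(parse_nvr, installed):
        if name in fixed:
            fv, fr = fixed[name]
            c = rpmvercmp(ver, fv) or rpmvercmp(rel, fr)
            verdict[name] = "fixed" if c >= 0 else "needs-update"
    return verdict

if __name__ == "__main__":
    # Constructed sample of: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
    host = ["qemu-kvm-4.2.0-48.module+el8.4.0+0000+deadbeef",   # older build
            "libvirt-6.0.0-37.module+el8.5.0+12162+40884dd2",   # already fixed
            "bash-4.4.20-2.el8"]                                # not covered
    print(audit(host))   # {'qemu-kvm': 'needs-update', 'libvirt': 'fixed'}
```

Binary subpackages (for example hivex-devel) must be matched against the binary entries for the host's architecture, not the source names.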


Advisory ID: RHSA-2021:4191-01
Product: Red Hat Enterprise Linux
Issue date: 2021-11-09

Topic

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases / Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1855250 - qemu-img convert uses possibly slow pre-zeroing on block storage

1859168 - CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets

1929357 - UEFI: Provide a way how to configure different combinations of secure boot enabled/disabled and keys enrolled/not enrolled

1932823 - after upgrade from 4.3 to 4.4 audio stops working in guests after couple of seconds

1933640 - [Regression] lvcreate fails to wipe signatures again

1934509 - QEMU doesn't honour system crypto policies

1939418 - Invalid hash calculated when using IPv6 RSS offload

1942805 - cannot restart default network and firewalld: iptables: No chain/target/match by that name.

1961562 - vm can not start with error as "internal error: unknown feature amd-sev-es"

1967329 - Make qemu-kvm use versioned obsoletes for qemu-kvm-ma and qemu-kvm-rhev

1967496 - [virtio-fs] nfs/xfstest generic/089 generic/478 failed

1967716 - RFE: rebuild guest agent to include public ssh injection api support

1967914 - [virtio-fs] virtiofsd quit when coping file to a folder in virtio-fs mounted volume(windows guest)

1969848 - qemu-img convert hangs on aarch64

1970484 - CVE-2021-3592 QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp)

1970487 - CVE-2021-3593 QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6)
