Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 2.6.8 RPMs.
Security Fix(es):
* golang: net: incorrect parsing of extraneous zero characters at the
beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/updates/classification/#moderate
CNV 2.6 for RHEL 7:
Source:
kubevirt-2.6.8-211.el7.src.rpm
x86_64:
kubevirt-virtctl-2.6.8-211.el7.x86_64.rpm
kubevirt-virtctl-redistributable-2.6.8-211.el7.x86_64.rpm
CNV 2.6 for RHEL 8:
Source:
kubevirt-2.6.8-211.el8.src.rpm
x86_64:
kubevirt-virtctl-2.6.8-211.el8.x86_64.rpm
kubevirt-virtctl-redistributable-2.6.8-211.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Red Hat OpenShift Virtualization release 2.6.8 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
CNV 2.6 for RHEL 7 - x86_64
CNV 2.6 for RHEL 8 - x86_64
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
2012329 - 2.6.8 rpms
Get the latest Linux and open source security news straight to your inbox.