-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization security update
Advisory ID:       RHSA-2022:6551-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6551
Issue date:        2022-09-19
CVE Names:         CVE-2022-1012 CVE-2022-2132 CVE-2022-2526 
                   CVE-2022-2588 CVE-2022-29154 CVE-2022-32250 
====================================================================
1. Summary:

An update for redhat-release-virtualization-host,
redhat-virtualization-host, and redhat-virtualization-host-productimg is
now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64

3. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization
Host. These packages include redhat-release-virtualization-host,
ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are
installed using a special build of Red Hat Enterprise Linux with only the
packages required to host virtual machines. RHVH features a Cockpit user
interface for monitoring the host's resources and performing administrative
tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These
packages include redhat-release-virtualization-host, ovirt-node, and
rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a
special build of Red Hat Enterprise Linux with only the packages required
to host virtual machines. RHVH features a Cockpit user interface for
monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version:
redhat-release-virtualization-host (4.5.2), redhat-virtualization-host
(4.5.2), redhat-virtualization-host-productimg (4.5.2). (BZ#2070049,
BZ#2093195)

Security Fix(es):

* kernel: Small table perturb size in the TCP source port generation
algorithm can lead to information leak (CVE-2022-1012)

* dpdk: DoS when a Vhost header crosses more than two descriptors and
exhausts all mbufs (CVE-2022-2132)

* systemd-resolved: use-after-free when dealing with DnsStream in
resolved-dns-stream.c (CVE-2022-2526)

* kernel: a use-after-free in cls_route filter implementation may lead to
privilege escalation (CVE-2022-2588)

* rsync: remote arbitrary files write inside the directories of connecting
peers (CVE-2022-29154)

* kernel: a use-after-free write in the netfilter subsystem can lead to
privilege escalation to root (CVE-2022-32250)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
2107498 - Rebase RHV-H 4.4 SP1 on RHEL 8.6.0.3
2109393 - Upgrade redhat-release-virtualization-host to 4.5.2
2109926 - CVE-2022-2526 systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
2110928 - CVE-2022-29154 rsync: remote arbitrary files write inside the directories of connecting peers2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:
redhat-virtualization-host-4.5.2-202209140405_8.6.src.rpm

x86_64:
redhat-virtualization-host-image-update-4.5.2-202209140405_8.6.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source:
redhat-release-virtualization-host-4.5.2-1.el8ev.src.rpm
redhat-virtualization-host-productimg-4.5.2-1.el8.src.rpm

noarch:
redhat-virtualization-host-image-update-placeholder-4.5.2-1.el8ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.5.2-1.el8ev.x86_64.rpm
redhat-release-virtualization-host-content-4.5.2-1.el8ev.x86_64.rpm
redhat-virtualization-host-productimg-4.5.2-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1012
https://access.redhat.com/security/cve/CVE-2022-2132
https://access.redhat.com/security/cve/CVE-2022-2526
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-29154
https://access.redhat.com/security/cve/CVE-2022-32250
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYyhq29zjgjWX9erEAQgiXA/7BAJYAIb5xPB/stn0ws3s3rs6d5fpEVzr
5jHraeX3IxGEUnno6m9mfBYfJZGWSVqsnh1/VS2mTMafC8vzrHecrTxUlgzS7dDu
3vOgyc6grNvjCZvYM1YCTxp2W6cKzCrNmJ0udfUwujpsIXBrlAyAyUDWuN8WLR1w
g1EEi8qB0fb2TR5ohQGnTaU9/gXzuzdmwcXcrx5aLR5Pe7ICNjLEg5TpnbTZ392y
etOxhcHtI1YjKm/yc4MlGtkf8+XHN3h9954cRGd7ptLFaU2qtR9Eezvq8oDuYSsz
TByRrtRjjdxdl5uyFYkGWKen8r3ILNW1wgYCbpYOYDY19pjsjwKdqW4MNf8yg0D2
X1AM+cXMvkfPB0cIa3EquZiUftbbv2CpHhq4rmpTEx3C7sqyK2OvEjFQKwnUuYY/
aXr9/0qcTA3PLhVwNXZfe9F8615NeiShK1XMSZArtXANksPUxjPFtpwX45qDh1XJ
P8g3LvyCvKto4qkpNyrU1L6eFv8+wvPILC4zjOLxiLPReNiQha1x9WrcKGKSOy3P
jdmeqWsizkmvDT/Zpqfz/N6TUU5V+JqfoeiK/05OiZH1hZ27AmemxYNbPIGX6+4b
JyIshCYmyd6hVUX+WZKQT/mPlxKTWUiK3a399G6F8DdFKyVh1Hf79qe1s01UwqaB
M3n9P8wCe4U=LxVa
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-6551:01 Important: Red Hat Virtualization security update

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat En...

Summary

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.5.2), redhat-virtualization-host (4.5.2), redhat-virtualization-host-productimg (4.5.2). (BZ#2070049, BZ#2093195)
Security Fix(es):
* kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)
* dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)
* systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526)
* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
* rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154)
* kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891

References

https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-2132 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-2588 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source: redhat-virtualization-host-4.5.2-202209140405_8.6.src.rpm
x86_64: redhat-virtualization-host-image-update-4.5.2-202209140405_8.6.x86_64.rpm
RHEL 8-based RHEV-H for RHEV 4 (build requirements):
Source: redhat-release-virtualization-host-4.5.2-1.el8ev.src.rpm redhat-virtualization-host-productimg-4.5.2-1.el8.src.rpm
noarch: redhat-virtualization-host-image-update-placeholder-4.5.2-1.el8ev.noarch.rpm
x86_64: redhat-release-virtualization-host-4.5.2-1.el8ev.x86_64.rpm redhat-release-virtualization-host-content-4.5.2-1.el8ev.x86_64.rpm redhat-virtualization-host-productimg-4.5.2-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2022:6551-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6551
Issued Date: : 2022-09-19
CVE Names: CVE-2022-1012 CVE-2022-2132 CVE-2022-2526 CVE-2022-2588 CVE-2022-29154 CVE-2022-32250

Topic

An update for redhat-release-virtualization-host,redhat-virtualization-host, and redhat-virtualization-host-productimg isnow available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64

Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64


Bugs Fixed

2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak

2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

2107498 - Rebase RHV-H 4.4 SP1 on RHEL 8.6.0.3

2109393 - Upgrade redhat-release-virtualization-host to 4.5.2

2109926 - CVE-2022-2526 systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c

2110928 - CVE-2022-29154 rsync: remote arbitrary files write inside the directories of connecting peers2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation


Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved