Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat OpenShift Virtualization 4.11.1 RHSA-2022:8750-01 Moderate DoS Risk

red hat
Calendar Grey December 2, 2022
Dist Redhat Esm H88
The latest update for Red Hat OpenShift Virtualization version 4.11.1 introduces essential security enhancements along with vital bug fixes categorized as moderate severity.
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
Security Fix(es):
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
* Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
* Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
* [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
* Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
* [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
* CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
* Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
* Unable to start windows VMs on PSI setups (BZ#2115371)
* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
* Mark Windows 11 as TechPreview (BZ#2129013)
* 4.11.1 rpms (BZ#2139453)
This advisory contains the following OpenShift Virtualization 4.11.1 images.
RHEL-8-CNV-4.11
virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49

Topics%20covered

Topics Covered

security advisory moderate Red Hat bug fix DoS stack overflow OpenShift Virtualization

References

https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-0256 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-0308 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0934 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-24675 Read the Full Advisory

Package List


Advisory ID: RHSA-2022:8750-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8750
Issue date: 2022-12-01

Topic

Red Hat OpenShift Virtualization release 4.11.1 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat bug fix DoS stack overflow OpenShift Virtualization

Relevant Releases Architectures

Bugs Fixed

2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api

2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression

2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML

2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode

2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar

2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM

2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR

2091856 - ?Edit BootSource? action should have more explicit information when disabled

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

2102694 - Fedora version in DataImportCrons is not 'latest'

2109407 - [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted

2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls

2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based

2115371 - Unable to start windows VMs on PSI setups

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here