RedHat: RHSA-2023-0408:01 Important: OpenShift Virtualization 4.12....
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Virtualization 4.12.0 Images security update
Advisory ID:       RHSA-2023:0408-01
Product:           cnv
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0408
Issue date:        2023-01-24
CVE Names:         CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 
                   CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 
                   CVE-2021-38561 CVE-2021-44716 CVE-2021-44717 
                   CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 
                   CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 
                   CVE-2022-1785 CVE-2022-1798 CVE-2022-1897 
                   CVE-2022-1927 CVE-2022-1962 CVE-2022-2068 
                   CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 
                   CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 
                   CVE-2022-22629 CVE-2022-22662 CVE-2022-23772 
                   CVE-2022-23773 CVE-2022-23806 CVE-2022-24795 
                   CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 
                   CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 
                   CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 
                   CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 
                   CVE-2022-28131 CVE-2022-29526 CVE-2022-30293 
                   CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 
                   CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 
                   CVE-2022-30698 CVE-2022-30699 CVE-2022-32148 
                   CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 
                   CVE-2022-37434 CVE-2022-40674 CVE-2022-42898 
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.12 is now available with updates
to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform. This advisory contains the following
OpenShift Virtualization 4.12.0 images:

Security Fix(es):

* golang: net/https: limit growth of header canonicalization cache
(CVE-2021-44716)

* kubeVirt: Arbitrary file read on the host from KubeVirt VMs
(CVE-2022-1798)

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS
(CVE-2021-38561)

* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

* golang: net/https: improper sanitization of Transfer-Encoding header
(CVE-2022-1705)

* golang: go/parser: stack exhaustion in all Parse* functions
(CVE-2022-1962)

* golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)

* golang: cmd/go: misinterpretation of branch names can lead to incorrect
access control (CVE-2022-23773)

* golang: crypto/elliptic: IsOnCurve returns true for invalid field
elements (CVE-2022-23806)

* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

* golang: syscall: faccessat checks wrong group (CVE-2022-29526)

* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

* golang: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working (CVE-2022-32148)

* golang: crypto/tls: session tickets lack random ticket_age_add
(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

RHEL-8-CNV-4.12
==============

bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89

3. Solution:

Before applying this update, you must apply all previously released errata
relevant to your system.

To apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/https: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - "Edit BootSource" action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/https: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift  Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

5. References:

https://access.redhat.com/security/cve/CVE-2015-20107
https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-0256
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-0308
https://access.redhat.com/security/cve/CVE-2021-38561
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/cve/CVE-2022-0934
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1798
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-3787
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-23773
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/cve/CVE-2022-24795
https://access.redhat.com/security/cve/CVE-2022-25308
https://access.redhat.com/security/cve/CVE-2022-25309
https://access.redhat.com/security/cve/CVE-2022-25310
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-29526
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-30698
https://access.redhat.com/security/cve/CVE-2022-30699
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

RedHat: RHSA-2023-0408:01 Important: OpenShift Virtualization 4.12.0 Images

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements

Summary

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/https: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/https: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

Solution

Before applying this update, you must apply all previously released errata relevant to your system. To apply this update, refer to: https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2015-20107
https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-0256
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-0308
https://access.redhat.com/security/cve/CVE-2021-38561
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/cve/CVE-2022-0934
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1798
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-3787
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-23773
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/cve/CVE-2022-24795
https://access.redhat.com/security/cve/CVE-2022-25308
https://access.redhat.com/security/cve/CVE-2022-25309
https://access.redhat.com/security/cve/CVE-2022-25310
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-29526
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-30698
https://access.redhat.com/security/cve/CVE-2022-30699
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

Package List

Severity
Advisory ID: RHSA-2023:0408-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0408
Issued Date: 2023-01-24
CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2021-44716 CVE-2021-44717 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 CVE-2022-1785 CVE-2022-1798 CVE-2022-1897 CVE-2022-1927 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24795 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28131 CVE-2022-29526 CVE-2022-30293 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-37434 CVE-2022-40674 CVE-2022-42898

Topic

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1719190 - Unable to cancel live-migration if virt-launcher pod in pending state

2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume

2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache

2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error

2040377 - Unable to delete failed VMIM after VM deleted

2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed

2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value

2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements

2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

2060499 - [RFE] Cannot add additional service (or other objects) to VM template

2069098 - Large scale |VMs migration is slow due to low migration parallelism

2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass

2071491 - Storage Throughput metrics are incorrect in Overview

2072797 - Metrics in Virtualization -> Overview period is not clear or configurable

2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers

2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering

2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group

2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode

2086551 - Min CPU feature found in labels

2087724 - Default template show no boot source even there are auto-upload boot sources

2088129 - [SSP] webhook does not comply with restricted security context

2088464 - [CDI] cdi-deployment does not comply with restricted security context

2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR

2089744 - HCO should label its control plane namespace to admit pods at privileged security level

2089751 - 4.12.0 containers

2089804 - 4.12.0 rpms

2091856 - "Edit BootSource" action should have more explicit information when disabled

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer

2093771 - The disk source should be PVC if the template has no auto-update boot source

2093996 - kubectl get vmi API should always return primary interface if exist

2094202 - Cloud-init username field should have hint

2096285 - KubeVirt CR API documentation is missing docs for many fields

2096780 - [RFE] Add ssh-key and sysprep to template scripts tab

2097436 - Online disk expansion ignores filesystem overhead change

2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP

2099556 - [RFE] Add option to enable RDP service for windows vm

2099573 - [RFE] Improve template's message about not editable

2099923 - [RFE] Merge "SSH access" and "SSH command" into one

2100290 - Error is not dismissed on catalog review page

2100436 - VM list filtering ignores VMs in error-states

2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

2100629 - Update nested support KBASE article

2100679 - The number of hardware devices is not correct in vm overview tab

2100682 - All hardware devices get deleted while just delete one

2100684 - Workload profile are not editable during creation and after creation

2101144 - VM filter has two "Other" checkboxes which are triggered together

2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode

2101167 - Edit buttons clickable area is too large.

2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id

2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state

2101390 - Easy to miss the "tick" when adding GPU device to vm via UI

2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id

2101423 - wrong user name on using ignition

2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page

2101445 - "Pending changes - Boot Order"

2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user

2101499 - Cannot add NIC to VM template as non-priv user

2101501 - NAME parameter in VM template has no effect.

2101628 - non-priv user cannot load dataSource while edit template's rootdisk

2101667 - VMI view is not aligned with vm and templates

2101681 - All templates are labeling "source available" in template list page

2102074 - VM Creation time on VM Overview Details card lacks string

2102125 - vm clone modal is displaying DV size instead of PVC size

2102132 - align the utilization card of single VM overview with the design

2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?

2102256 - Add button moved to right

2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal

2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'

2102561 - sysprep-info should link to downstream doc

2102737 - Clone a VM should lead to vm overview tab

2102740 - "Save" button on vm clone modal should be "Clone"

2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab

2103807 - PVC is not named by VM name while creating vm quickly

2103817 - Workload profile values in vm details should align with template's value

2103844 - VM nic model is empty

2104331 - VM list page scroll up automatically

2104402 - VM create button is not enabled while adding multiple environment disks

2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed

2104424 - Enable descheduler or hide it on template's scheduling tab

2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted

2104480 - Alerts in VM overview tab disappeared after a few seconds

2104785 - "Add disk" and "Disks" are on the same line

2104859 - [RFE] Add "Copy SSH command" to VM action list

2105257 - Can't set log verbosity level for virt-operator pod

2106175 - All pages are crashed after visit Virtualization -> Overview

2106963 - Cannot add configmap for windows VM

2107279 - VM Template's bootable disk can be marked as bootable

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob

2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header

2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions

2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob

2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode

2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip

2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

2108339 - datasource does not provide timestamp when updated

2108638 - When choosing a vm or template while in all-namespace, and returning to list, namespace is changed

2109818 - Upstream metrics documentation is not detailed enough

2109975 - DataVolume fails to import "cirros-container-disk-demo" image

2110256 - Storage -> PVC -> upload data, does not support source reference

2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls

2111240 - GiB changes to B in Template's Edit boot source reference modal

2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics

2111328 - kubevirt plugin console crashed after visit vmi page

2111378 - VM SSH command generated by UI points at api VIP

2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`

2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)

2112900 - button style are different

2114516 - Nothing happens after clicking on Fedora cloud image list link

2114636 - The style of displayed items are not unified on VM tabs

2114683 - VM overview tab is crashed just after the vm is created

2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12

2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass

2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items

2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates

2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'

2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"

2117549 - Cannot edit cloud-init data after add ssh key

2117803 - Cannot edit ssh even vm is stopped

2117813 - Improve descriptive text of VM details while VM is off

2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs

2118257 - outdated doc link tolerations modal

2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format

2119069 - Unable to start windows VMs on PSI setups

2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24

2119309 - readinessProbe in VM stays on failed

2119615 - Change the disk size causes the unit changed

2120907 - Cannot filter disks by label

2121320 - Negative values in migration metrics

2122236 - Failing to delete HCO with SSP sticking around

2122990 - VMExport should check APIGroup

2124147 - "ReadOnlyMany" should not be added to supported values in memory dump

2124307 - Ui crash/stuck on loading when trying to detach disk on a VM

2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it

2124555 - View documentation link on MigrationPolicies page does not work

2124557 - MigrationPolicy description is not displayed on Details page

2124558 - Non-privileged user can start MigrationPolicy creation

2124565 - Deleted DataSource reappears in list

2124572 - First annotation can not be added to DataSource

2124582 - Filtering VMs by OS does not work

2124594 - Docker URL validation is inconsistent over application

2124597 - Wrong case in Create DataSource menu

2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile

2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state

2127787 - Expose the PVC source of the dataSource on UI

2127843 - UI crashed by selecting "Live migration network"

2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes

2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer

2128002 - Error after VM template deletion

2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards

2128872 - [4.11]Can't restore cloned VM

2128948 - Cannot create DataSource from default YAML

2128949 - Cannot create MigrationPolicy from example YAML

2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24

2129013 - Mark Windows 11 as TechPreview

2129234 - Service is not deleted along with the VM when the VM is created from a template with service

2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'

2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook

2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV

2130588 - crypto-policy : Common Ciphers support by apiserver and hco

2130695 - crypto-policy : Logging Improvement and publish the source of ciphers

2130909 - Non-privileged user can start DataSource creation

2131157 - KV data transfer rate chart in VM Metrics tab is not displayed

2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough

2131674 - Bump virtlogd memory requirement to 20Mi

2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11

2132682 - Default YAML entity name convention.

2132721 - Delete dialogs

2132744 - Description text is missing in Live Migrations section

2132746 - Background is broken in Virtualization Monitoring page

2132783 - VM can not be created from Template with edited boot source

2132793 - Edited Template BSR is not saved

2132932 - Typo in PVC size units menu

2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed

2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed

2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed

2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed

2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed

2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed

2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed

2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed

2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod

2134672 - [e2e] add data-test-id for catalog -> storage section

2134825 - Authorization for expand-spec endpoint missing

2135805 - Windows 2022 template is missing vTPM and UEFI params in spec

2136051 - Name jumping when trying to create a VM with source from catalog

2136425 - Windows 11 is detected as Windows 10

2136534 - Not possible to specify a TTL on VMExports

2137123 - VMExport: export pod is not PSA compliant

2137241 - Checkbox about delete vm disks is not loaded while deleting VM

2137243 - registry input add docker prefix twice

2137349 - "Manage source" action infinitely loading on DataImportCron details page

2137591 - Inconsistent dialog headings/titles

2137731 - Link of VM status in overview is not working

2137733 - No link for VMs in error status in "VirtualMachine statuses" card

2137736 - The column name "MigrationPolicy name" can just be "Name"

2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly

2138112 - Unsupported S3 endpoint option in Add disk modal

2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals

2138199 - Win11 and Win22 templates are not filtered properly by Template provider

2138653 - Saving Template parameters reloads the page

2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail

2138664 - VM that was created with SSH key fails to start

2139257 - Cannot add disk via "Using an existing PVC"

2139260 - Clone button is disabled while VM is running

2139293 - Non-admin user cannot load VM list page

2139296 - Non-admin cannot load MigrationPolicies page

2139299 - No auto-generated VM name while creating VM by non-admin user

2139306 - Non-admin cannot create VM via customize mode

2139479 - virtualization overview crashes for non-priv user

2139574 - VM name gets "emptyname" if click the create button quickly

2139651 - non-priv user can click create when have no permissions

2139687 - catalog shows template list for non-priv users

2139738 - [4.12]Can't restore cloned VM

2139820 - non-priv user cant reach vm details

2140117 - Provide upgrade path from 4.11.1->4.12.0

2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project

2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user

2140627 - Not able to select storageClass if there is no default storageclass defined

2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user

2140808 - Hyperv feature set to "enabled: false" prevents scheduling

2140977 - Alerts number is not correct on Virtualization overview

2140982 - The base template of cloned template is "Not available"

2140998 - Incorrect information shows in overview page per namespace

2141089 - Unable to upload boot images.

2141302 - Unhealthy states alerts and state metrics are missing

2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations

2141494 - "Start in pause mode" option is not available while creating the VM

2141654 - warning log appearing on VMs: found no SR-IOV networks

2141711 - Node column selector is redundant for non-priv user

2142468 - VM action "Stop" should not be disabled when VM in pause state

2142470 - Delete a VM or template from all projects leads to 404 error

2142511 - Enhance alerts card in overview

2142647 - Error after MigrationPolicy deletion

2142891 - VM latency checkup: Failed to create the checkup's Job

2142929 - Permission denied when try get instancestypes

2143268 - Topolvm storageProfile missing accessModes and volumeMode

2143498 - Could not load template while creating VM from catalog

2143964 - Could not load template while creating VM from catalog

2144580 - "?" icon is too big in VM Template Disk tab

2144828 - "?" icon is too big in VM Template Disk tab

2144839 - Alerts number is not correct on Virtualization overview

2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten

2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
