Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


RedHat: RHSA-2023:0457-01 critical: Ansible Automation Platform Update

====================================================================
Red Hat Security Advisory

Synopsis:      Important: OpenShift Virtualization 4.12.0 Images security update
Advisory ID:   RHSA-2023:0408-01
Product:       cnv
Advisory URL:  https://access.redhat.com/errata/RHSA-2023:0408
Issue date:    2023-01-24
CVE Names:     CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525
               CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2021-44716
               CVE-2021-44717 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292
               CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 CVE-2022-1785
               CVE-2022-1798 CVE-2022-1897 CVE-2022-1927 CVE-2022-1962
               CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515
               CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
               CVE-2022-22662 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806
               CVE-2022-24795 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310
               CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716
               CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405
               CVE-2022-27406 CVE-2022-28131 CVE-2022-29526 CVE-2022-30293
               CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632
               CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699
               CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
               CVE-2022-37434 CVE-2022-40674 CVE-2022-42898
====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12
=============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89

3. Solution:

Before applying this update, you must apply all previously released errata relevant to your system.

To apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - "Edit BootSource" action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Namejumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1-> 4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1-> 4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

5. References:

https://access.redhat.com/security/cve/CVE-2015-20107
https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-0256
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-0308
https://access.redhat.com/security/cve/CVE-2021-38561
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/cve/CVE-2022-0934
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1798
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-3787
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-23773
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/cve/CVE-2022-24795
https://access.redhat.com/security/cve/CVE-2022-25308
https://access.redhat.com/security/cve/CVE-2022-25309
https://access.redhat.com/security/cve/CVE-2022-25310
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-29526
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-30698
https://access.redhat.com/security/cve/CVE-2022-30699
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Canonical unveils Ubuntu Container Platform 22.04.0 upgrades featuring critical security patches and performance improvements.
OpenShift Updates, Virtualization Releases, Security Fixes.
Severity: Important.
LinuxSecurity.com Team

Jan 25, 2023 Important Red Hat

Red Hat: RHSA-2022:6527 moderate: OpenShift Virtualization Security Fix

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Virtualization 4.11.0 RPMs security and bug fix update
Advisory ID: RHSA-2022:6527-02
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6527
Issue date: 2022-09-14
CVE Names: CVE-2022-27191

1. Summary:

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CNV 4.11 for RHEL 7 - x86_64
CNV 4.11 for RHEL 8 - x86_64

3. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.11.0 RPMs.

Security Fix(es):

* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2051902 - 4.11.0 rpms
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server

6. Package List:

CNV 4.11 for RHEL 7:

Source:
kubevirt-4.11.0-643.el7.src.rpm

x86_64:
kubevirt-virtctl-4.11.0-643.el7.x86_64.rpm
kubevirt-virtctl-redistributable-4.11.0-643.el7.x86_64.rpm

CNV 4.11 for RHEL 8:

Source:
kubevirt-4.11.0-643.el8.src.rpm

x86_64:
kubevirt-virtctl-4.11.0-643.el8.x86_64.rpm
kubevirt-virtctl-redistributable-4.11.0-643.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

Standard security notice for OpenShift Virtualization 4.11.0 packages, featuring critical patches and enhancements.
Red Hat OpenShift, Container Virtualization, RPM Update.
LinuxSecurity.com Team

Sep 15, 2022 Red Hat

Red Hat OpenShift Virtualization 4.10.1 RHSA-2022:4667-01 Moderate DoS

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Virtualization 4.10.1 RPMs security and bug fix update
Advisory ID: RHSA-2022:4667-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4667
Issue date: 2022-05-18
CVE Names: CVE-2022-21698

1. Summary:

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CNV 4.10 for RHEL 7 - x86_64
CNV 4.10 for RHEL 8 - x86_64

3. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.10.1 RPMs.

Security Fix(es):

* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 4.10.1 rpms (BZ#2065755)

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2065755 - 4.10.1 rpms

6. Package List:

CNV 4.10 for RHEL 7:

Source:
kubevirt-4.10.1-489.el7.src.rpm

x86_64:
kubevirt-virtctl-4.10.1-489.el7.x86_64.rpm
kubevirt-virtctl-redistributable-4.10.1-489.el7.x86_64.rpm

CNV 4.10 for RHEL 8:

Source:
kubevirt-4.10.1-489.el8.src.rpm

x86_64:
kubevirt-virtctl-4.10.1-489.el8.x86_64.rpm
kubevirt-virtctl-redistributable-4.10.1-489.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

Familiarize yourself with the balanced security notice RHSA-2022:4667-01 concerning the updates for OpenShift Virtualization version 4.10.1 RPMs.
OpenShift Security, RedHat Updates, Virtualization Solutions, RPM Packages.
LinuxSecurity.com Team

May 18, 2022 Red Hat

OpenShift 4.10.0 Advisory: RHSA-2022:0947 Moderate Security Issues

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update
Advisory ID: RHSA-2022:0947-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0947
Issue date: 2022-03-16
CVE Names: CVE-2021-29923 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 CVE-2021-36221 CVE-2021-44716 CVE-2021-44717 CVE-2022-24407

1. Summary:

Red Hat OpenShift Virtualization release 4.10.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 4.10.0 images:

RHEL-8-CNV-4.10
=============
kubevirt-velero-plugin-container-v4.10.0-8
virtio-win-container-v4.10.0-10
kubevirt-template-validator-container-v4.10.0-16
hostpath-csi-driver-container-v4.10.0-32
hostpath-provisioner-container-v4.10.0-32
hostpath-provisioner-operator-container-v4.10.0-62
cnv-must-gather-container-v4.10.0-110
virt-cdi-controller-container-v4.10.0-90
virt-cdi-apiserver-container-v4.10.0-90
virt-cdi-uploadserver-container-v4.10.0-90
virt-cdi-uploadproxy-container-v4.10.0-90
virt-cdi-operator-container-v4.10.0-90
virt-cdi-cloner-container-v4.10.0-90
virt-cdi-importer-container-v4.10.0-90
kubevirt-ssp-operator-container-v4.10.0-50
virt-api-container-v4.10.0-217
hyperconverged-cluster-webhook-container-v4.10.0-133
libguestfs-tools-container-v4.10.0-217
virt-handler-container-v4.10.0-217
virt-launcher-container-v4.10.0-217
virt-artifacts-server-container-v4.10.0-217
virt-controller-container-v4.10.0-217
node-maintenance-operator-container-v4.10.0-48
hyperconverged-cluster-operator-container-v4.10.0-133
virt-operator-container-v4.10.0-217
cnv-containernetworking-plugins-container-v4.10.0-49
kubemacpool-container-v4.10.0-49
bridge-marker-container-v4.10.0-49
ovs-cni-marker-container-v4.10.0-49
ovs-cni-plugin-container-v4.10.0-49
kubernetes-nmstate-handler-container-v4.10.0-49
cluster-network-addons-operator-container-v4.10.0-49
hco-bundle-registry-container-v4.10.0-696

Security Fix(es):

* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1760028 - CPU compatibility is not checked when migrating host-model VMs
1855182 - [Storage] Clone could not be continued after virtctl stop the vm if the clone dv have been created for more than 3 minutes
1906151 - High CPU/Memory usage of Kube API server following a CNV installation
1918294 - VM created from template when OCS is default SC fails to start on "source volumeMode (Block) and target volumeMode (Filesystem) do not match"
1935217 - [CNV-2.5] Manifests in openshift-cnv missing resource requirements - Storage
1945586 - CPU pinning is incorrect after live migration
1958085 - No option to deploy the templates to a non-shared (non default) namespace
1959039 - must-gather doesn't collect iptables info of CNV VM anymore
1975978 - canary-release-openshift-origin-installer-e2e-aws-4.7-cnv is permfailing
1983079 - No "permittedHostDevices" section in HCO CR, allows any hostdevice in the VM spec.
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1986970 - Node outages can lead to (legitimate) mass restarts of VMs which can block our controller
1987009 - [tracker] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1990061 - [virt] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1992231 - hostpath-provisioner Pods are not created
1993454 - Improve ImageIO import performance
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1997540 - Missing kcs: OpenShift Virtualization limits
1998300 - CNV VMs do not contain the cluster domain name in the FQDN
1999110 - 4.10.0 containers
1999636 - 4.10.0 rpms
2000480 - Using depreacted 1.25 API calls
2001984 - VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a PVC
2001987 - VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a DV
2002272 - Unable to LiveMigrate a VM with nonroot VirtLauncher Pod
2003704 - Switch live migration to use unix sockets
2007397 - Unexpected killing of virt-launcher pod, can result in loss of data for hotplugged volumes
2008140 - [4.10.0] CNV fails to deploy due to unavailable SSP virt-template-validator
2008411 - [4.10.0] SSP operator creates kubevirt-os-images instead of openshift-virtualization-os-images namespace
2008938 - missing spec.priorityClassName for pod hyperconverged-cluster-cli-download
2008949 - Multiple storage pods are missing spec.priorityClassName
2008975 - v4.10.0-142 CNV contains outdated ssp-operator and virt-template-validator
2010540 - HCO.status.relatedObjects are not getting updated with correct resourceVersion of reconciled resources
2010908 - [MTV] VM remains in printableStatus: Provisioning in cold migration
2012920 - nncp in progressing state forever when cluster is having Windows node
2013160 - Create an offline VM with storageClass HPP is always in 'Provisioning' status
2013455 - Guest agent reports unreliable status when mac address is changed
2015327 - hostpath-provisioner pods do not have any resources.requests values set up
2017255 - Migration of VM doesn't clean up the target pod in time in case of failed migration
2018457 - Windows high performance templates should use virtio storage
2018925 - Metric kubevirt_vmi_memory_used_total_bytes is not reporting correct value
2018970 - RHEL9 alpha template - support level is "Full"
2019053 - DV with immediate bind remains in WaitForFirstConsumer
2021992 - [cnv-4.10.0] After upgrade, live migration is Pending
2025295 - Windows VMs fail to start on air-gapped environments for non-admin users
2025750 - must-gather | nft files are not collected for nodes
2025878 - The import cron pod is not deleted after delete the dataimportcron if the import is failed
2026336 - [SNO] We see multiple replicas of virt-api, virt-controller and virt-operator.
2026363 - kubemacpool is rotating kubernetes-nmstate certificates
2026665 - Unable to ssh to a VM when running with Service Mesh
2026667 - Alerts: SSPDown and SSPTemplateValidatorDown are constantly in Firing state
2027420 - [SNO] SR-IOV operator fails to install after CNV is installed
2027922 - Typo on LowKVMNodesCount summary
2029343 - High performance VM fail to start on libvirt error (kvm-hint-dedicated)
2029767 - Enactment goes to pending even when maxunavailable is set to 100% in nncp
2030660 - ImageSteam rhel8-guest and rhel9-guest are managed by HCO but they are not getting reconciled
2030686 - must-gather | missing SRIOV namespace subdir under collected dir
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031033 - VM migration from VMware fail on missing v2v-vmware ConfigMap in OCP-4.10/CNV-4.10
2031688 - hostpath-provisioner-operator deployment is referencing upstream images
2031727 - [CNV-4.10] kubemacpool & nmstate pods stuck in pending state
2031919 - [SNO] we cannot cleanly remove the product on SNO due to kubevirt apiservices leftovers
2032045 - When alert VirtControllerRESTErrorsHigh triggered it keeps in Firing state for hours (even when there are no failed api calls anymore)
2032845 - SSP CR | reason field's value in SSP CR status.conditions is not CamelCased
2032873 - [4.9] Windows VMs fail to start on air-gapped environments for non-admin users
2032876 - [4.8] Windows VMs fail to start on air-gapped environments for non-admin users
2033240 - Templates golden image parameters names should be updated
2033252 - nncp changing it's status between "ConfigurationProgressing" to "SuccessfullyConfigured" every few minutes
2034544 - disk.img file is resized up for HPP and NFS storage classes
2035008 - Auto-update boot sources: CDI tries to import even when a PVC already exists; dataSources are not updated
2035324 - Trying to uninstall CNV with `uninstallStrategy: RemoveWorkloads` and existing workloads lefts the system in a corrupted state
2035658 - NMPolicy can't replace strings using captures, making teardown not possible
2035677 - Windows10 VM with CDROM migration fails
2036220 - Recommended disk image url is outdated in Fedora 33+ template description
2036483 - HCO Enablement | reconciliation error adding a custom cron template
2036605 - Auto-update boot sources: DataSource Ready status is not updated if there's no DataImportCron associated with it
2037270 - Auto-update boot sources: CentOs and Fedora DVs fail to import due to docker references
2037290 - Dataimportcron keeps re-creating when enable the feature gate
2037312 - CNV occasionally cannot be removed due to leftovers dataImportCrons
2037421 - SSP default log level should be set to "info"
2038679 - Clone with volume mode file system using Storage API fails
2038825 - Ubuntu, centos6 and opensuse templates should be removed from common templates bundle in downstream
2038831 - SAP HANA template should not contain evictionStrategy: LiveMigrate
2038985 - No feedback when HPP path is sharing host filesystem
2039196 - DataImportCron with imagestreamsource does not support image tags
2039208 - Recording Rule "kubevirt_vm_container_free_memory_bytes" is not working
2039489 - KubePersistentVolumeFillingUp Firing for VM disk Filesystem PVCs
2039683 - HANA Template - remove default values for network names
2039686 - SAP HANA template - container disk registry should be updated
2039691 - SAP HANA template - set node label instead of node for node selection
2040113 - The component value of virt-operator label is different with other virt components
2040115 - Labels "part-of" and "version" in virt components are missing
2041519 - Custom DataImportCron with the same name as CNV-provided DataImportCron can be added via HCO overwriting configuration
2041530 - HPP CSI CR can't be deleted if it's a combination of a basic storage pool, and a pvcTemplate
2042139 - HPP-operator reconciling CSI even if nothing is happening
2042799 - All existing templates are marked as deprecated after CNV upgrade
2042842 - SAP HANA template - SR-IOV NICs should not specify model virtio
2042856 - Getting 'jq' error while running 'must-gather' command.
2042880 - 'yq' command is missing in downstream must-gather image.
2042908 - hotplugs not included in VMSnapshot
2044348 - VM with ocs-storagecluster-cephfs sc keeps in CrashLoopBackOff
2044398 - SSP should not update DataSource managed by DataImportCron
2046271 - virt-cdi-importer fails to import a VM image when clusterwide proxy configured
2048227 - Common templates - DATA_SOURCE_NAMESPACE value should be updated in d/s
2048275 - HPP mounter deployment crashes on parsing lsblk output
2051105 - DataSources, managed by DataImportCron, are not reconciled when edited
2051693 - DataSource (which has a golden image and was opted-in/out using cdi label) will be reconciled and will not actually be opted out
2051968 - virt-freezer binary missing from downstream virt-launcher
2052489 - KubevirtVmHighMemoryUsage is based on limit not request
2053027 - nmpolicy cannot clone IP config of the default NIC carrying static IPv6
2058167 - Post deploy on a baremetal cluster SSP is looping attempting to reconcile

5. References:

https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat OpenShift Virtualization 4.10.0 update addresses various issues and bolsters security with significant impact specifics.
OpenShift Updates, Virtualization Security, Red Hat Releases, Container Security Enhancements.
LinuxSecurity.com Team

Mar 16, 2022 Red Hat

Red Hat: RHSA-2021-4725 Moderate Patch for OpenShift Virtualization 2.6.8

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Virtualization 2.6.8 Images security and bug fix update
Advisory ID: RHSA-2021:4725-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4725
Issue date: 2021-11-17
CVE Names: CVE-2020-25648 CVE-2021-3653 CVE-2021-3733 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-29923 CVE-2021-34558 CVE-2021-36222 CVE-2021-37750

1. Summary:

Red Hat OpenShift Virtualization release 2.6.8 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 2.6.8 images:

RHEL-8-CNV-2.6
=============
kubevirt-v2v-conversion-container-v2.6.8-1
hyperconverged-cluster-webhook-container-v2.6.8-1
vm-import-controller-container-v2.6.8-1
kubevirt-cpu-model-nfd-plugin-container-v2.6.8-2
vm-import-operator-container-v2.6.8-1
kubevirt-cpu-node-labeller-container-v2.6.8-1
kubevirt-ssp-operator-container-v2.6.8-1
kubemacpool-container-v2.6.8-1
cluster-network-addons-operator-container-v2.6.8-1
virt-cdi-cloner-container-v2.6.8-1
virt-cdi-uploadproxy-container-v2.6.8-1
kubernetes-nmstate-handler-container-v2.6.8-1
ovs-cni-plugin-container-v2.6.8-1
ovs-cni-marker-container-v2.6.8-1
hostpath-provisioner-operator-container-v2.6.8-1
kubevirt-vmware-container-v2.6.8-2
kubevirt-template-validator-container-v2.6.8-2
kubevirt-kvm-info-nfd-plugin-container-v2.6.8-1
node-maintenance-operator-container-v2.6.8-1
vm-import-virtv2v-container-v2.6.8-1
hostpath-provisioner-container-v2.6.8-1
virt-cdi-uploadserver-container-v2.6.8-1
cnv-containernetworking-plugins-container-v2.6.8-1
virtio-win-container-v2.6.8-2
virt-cdi-controller-container-v2.6.8-1
virt-cdi-importer-container-v2.6.8-1
virt-cdi-apiserver-container-v2.6.8-1
virt-cdi-operator-container-v2.6.8-1
bridge-marker-container-v2.6.8-1
hyperconverged-cluster-operator-container-v2.6.8-1
cnv-must-gather-container-v2.6.8-5
virt-launcher-container-v2.6.8-5
virt-operator-container-v2.6.8-5
virt-api-container-v2.6.8-5
virt-controller-container-v2.6.8-5
virt-handler-container-v2.6.8-5
hco-bundle-registry-container-v2.6.8-23

Security Fix(es):

* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1998844 - virt-handler Pod is missing xorrisofs command
2008522 - "unable to execute QEMU agent command 'guest-get-users'" logs in virt-launcher pod every 10 seconds
2010334 - VM is not able to be migrated after failed migration
2012328 - 2.6.8 containers
2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13

5. References:

https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/cve/CVE-2021-3653
https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-22922
https://access.redhat.com/security/cve/CVE-2021-22923
https://access.redhat.com/security/cve/CVE-2021-22924
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36222
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list

A security notice for OpenShift Virtualization 2.6.8 images emphasizes updates that fix vulnerabilities and boost performance, urging admins to implement patches for security and functionality.
OpenShift, Virtualization, Red Hat, Security Advisory, Update.
LinuxSecurity.com Team

Nov 17, 2021 Red Hat