Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
98
security advisoryprivilege escalationimportant updateRed Hat Virtualization 4.4.z SP 1 RHSA-2023:0859-01 Critical Update
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. An update for redhat-release-virtualization-host,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host 4.4.z SP 1 security update batch#4 (oVirt-4.5.3-4) Advisory ID: RHSA-2023:0859-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2023:0859 Issue date: 2023-02-21 CVE Names: CVE-2022-4139 CVE-2022-47629 CVE-2023-22809 ==================================================================== 1. Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linuxwith only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * libksba: integer overflow to code execution (CVE-2022-47629) * sudo: arbitrary file write with privileges of the RunAs user (CVE-2023-22809) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access 2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user 2161571 - CVE-2022-47629 libksba: integer overflow to code execution 2169971 - Rebase RHV-H 4.4 SP1 on RHEL 8.6.0.6 EUS 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: redhat-virtualization-host-4.5.3-202302150956_8.6.src.rpm x86_64: redhat-virtualization-host-image-update-4.5.3-202302150956_8.6.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.5.3-4.el8ev.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.5.3-4.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.5.3-4.el8ev.x86_64.rpm redhat-release-virtualization-host-content-4.5.3-4.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2022-4139 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-22809 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/S5JtzjgjWX9erEAQixLw/8DGGe1gm/pFDqG9SlW2KQ5RPXVgN9GhP3 qdnQgCCpVwj7e1j63ccs9lRPOYxgbrfRM9PrcEGLgQaHlHK3G5n3kbxCPqfoUoWX TJaK1xz/oMY2L3KvS5Lle8F8RGBYWvVpXkrX9he6uTnY0t1T5QVl6ErACiVFGqGY 4AtZ8kBiAP/wal10BddqKA9xyQz1zyGq2r315T/Uy4EidIhpFad1PajBK4UwB2P2 tb8/0zd6K9dIrWA1Q/SNxzf0Ql+ZJ4Sy535SCNxL8Cx1+9yYxDOQ806vAAkbmK1H 7lotlNb5vJrLwypzsUVKTudw4b4JmZd3iieWtqImj/HnmCtKZ4jP8R5BF8uc6paa 3PCVRQRjtHoQTkv0yhZxP1ioxCOnLXdfVEAhQ6tqx/CxoJXalfejjUqeT0naoVRf B585R19VN0TGHK1cpXfleGxvnjdKSWrMgvOWgiFwvrvCntRz9ZS8p0OH5iHp6MTk mirqUo5tOKlK8AtXTch6Nu2W6eqMZYeDLlIcTcj4TMFNDJ2DG+UsfJq0+vbmSGGf N2rBhdxMq+Mq3HdLRWzzWzdVr5qX57GIFzT4X+4twUetuwsN26Mqm7k+vzslUl7a 9icWTJs08C3rnBmcKaIBPoB+n5tSfUwfNOpjvv2GYISvC1SNgR9tL/qHkAIODNls 8/EnbN1On2s=kBEn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 21, 2023
•Critical
Red Hat
98
security advisoryinteger overflowsecurity impactRed Hat Virtualization 4 RHSA-2022-9029-01 Critical: Integer Overflow Risk
An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3] Advisory ID: RHSA-2022:9029-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:9029 Issue date: 2022-12-14 CVE Names: CVE-2022-42898 ==================================================================== 1. Summary: An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing 2150769 - Rebase RHV-H 4.4 SP1 on RHEL 8.6.0.5 EUS 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: redhat-virtualization-host-4.5.3-202212070734_8.6.src.rpm x86_64: redhat-virtualization-host-image-update-4.5.3-202212070734_8.6.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.5.3-2.el8ev.src.rpm redhat-virtualization-host-productimg-4.5.3-2.el8.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.5.3-2.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.5.3-2.el8ev.x86_64.rpm redhat-release-virtualization-host-content-4.5.3-2.el8ev.x86_64.rpm redhat-virtualization-host-productimg-4.5.3-2.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5n7DtzjgjWX9erEAQj17w/9FaRiyA23OwnSYeWN7ftu3so0+c6B/BoU isupIjceJlO5H/afTt3ChX/bPq5w/NT29dE+fdIbHtwm0vaGcNbfWJzm/86LaXs9 2oDUWaDKVyx06pOQmLL0jf7p93Uz62b+Nle9aQ/8Py4Gg34DrUwEUxHxORGkX30i k9DCLqmIbg8/atn86ZYfWwESXAiPwdE3T9osoBDg0NMPMOAUQ/td+uiVFAKm93zG uc9JRl9qc7sQhkrkji5HdAsxmA/f9+YDkkYx54z+suvCbdJYrEXSHDl6OUOhHj6e 11hnp/Jkn3Q8S/dkc7H/0oT48VhaCrKDb0uQ/dYPL/dhx3FnOwPLkQ8uqP+UpTEn ZfMY/qr06cZ3y4rjFMkLy3IW5A5b54GRudPl3taEUc3LMxmIb4pgpRC7qdzeG1Vc HDiycqKje4O265J3YMdyoSFPKa31BU/7tM49Unvug3NXoxpbQvrsA/SqZ64QkcB/ 4GwpZ6+WtE/rKMjk+pe6uOZpx8FRbT0xiQu5YuTUndGiZc2IfpdEMIBUeGHZeqCg m4Y5n2OzL/RnGr2we2sj/82fFBYyEeeZOvFclN8ApA3YKbQzdq8P9/XkNYKX/8UW OIernVPyGpWdjYEdzYIARDLdlfZMmXhZhoOaOu9u5UAb2dvY0gCpLr6yGvsIGwkY 2zmy9UC1q9w=/QT7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 14, 2022
•Important
Red Hat
98
security advisoryRed Hatcode executionRed Hat: RHSA-2022-1053 Important Update For Virtualization Host
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2 Advisory ID: RHSA-2022:1053-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:1053 Issue date: 2022-03-24 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separatorcharacters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Red Hat Virtualization Host was rebased on Red Hat Enterprise Linux 8.5.0.3. (BZ#2048407) * Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 2034626 - Upgrade elfutils to elfutils-0.185-1.el8 2048407 - Rebase RHV-H 4.4.10 on RHEL 8.5.0.3 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2057048 - consume libvirt fix for: Failed to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by Too many open files from libvirtd 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL8: Source: elfutils-0.185-1.el8.src.rpm redhat-virtualization-host-4.4.10-202203211649_8.5.src.rpm x86_64: elfutils-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debuginfod-client-0.185-1.el8.x86_64.rpm elfutils-debuginfod-client-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debuginfod-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debugsource-0.185-1.el8.x86_64.rpm elfutils-devel-0.185-1.el8.x86_64.rpm elfutils-libelf-debuginfo-0.185-1.el8.x86_64.rpm elfutils-libs-debuginfo-0.185-1.el8.x86_64.rpm redhat-virtualization-host-image-update-4.4.10-202203211649_8.5.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.4.10-3.el8ev.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.4.10-3.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.10-3.el8ev.x86_64.rpm redhat-release-virtualization-host-content-4.4.10-3.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYjyObtzjgjWX9erEAQgVfRAAkn+C8psWL5puBda6ty9qD6KjY6BMGqH+ us3YStx9Dk/frDv1eRHtQd0pNNPfNNvah3Y/OraXEbX8DfiMczGL/3ESHXnlNl8b l0BE08QeJig4Q2WIOwcGyyB4jIepDt+bilDKSck+f84UN+mgk/Iqn8XvKE8WnRwk TebToONC7hwnSjdHt1XlF6pEqpAo5XOpwCfzpGNmVWvt3Ddgas2EE6eUkFNaKOBN UFe1ZTyvSgZpmr4Kxx7AoF3+CnnEJb8lCrRG71cVsPLHBAiwcEMOQN8yfCqj30il DhCWhchX7OcVwJBhOLUR87SheaUxhfLJAaieyW4gisbot5KbWZgM0GTt0Lr2/z7G CLuFzXwFZGjsljH7iXRjdDt/8D7CThMTF+6jkkW+jJuVYFyCh12OTAmSd9LJ8xB4 jfvj3ow7Gmrzn9QN67DcqTQ+DHWEvUScy8qfs0lAz1XatPi2tf2dNO/IxSdz/bV3 /mBkMOYbYPgSeT/6i7m2pp+3iXq6QZfAFIvVaqolVWZOuBbX8cU+XOUcrQvT+L5Y NNlrSJvxZ4VVaaHbqudizFYvkni12V8tQe7uPsNpTJi3iTc8ShtoTtGTiUPE7mff fhB9jEGy0yuIEg0VlokjRCEo5Q3D5xfPPQZeTOEiAciksQJn6PhjR9MuaxtXEYqq +Ej7k5UtzjI=TqDc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 24, 2022
•Important
Red Hat
98
security advisoryRed Hatbug fixRed Hat: RHSA-2021-3235-01 Important Update for Virtualization Host
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7] Advisory ID: RHSA-2021:3235-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:3235 Issue date: 2021-08-19 CVE Names: CVE-2021-3609 CVE-2021-3621 CVE-2021-22543 CVE-2021-22555 ==================================================================== 1. Summary: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe () * kernel:Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) * sssd: shell command injection in sssctl (CVE-2021-3621) * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rebase package(s) to version: 1.2.23 Highlights, important fixes, or notable enhancements: * imgbase should not copy the selinux binary policy file (BZ# 1979624) (BZ#1989397) * RHV-H has been rebased on Red Hat Enterprise Linux 8.4 Batch #2. (BZ#1975177) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1956284 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe 1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation 1975142 - CVE-2021-3621 sssd: shell command injection in sssctl 1975177 - Rebase RHV-H 4.4.7 on RHEL 8.4.0.2 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 1989397 - Upgrade imgbased to 1.2.23 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: redhat-virtualization-host-4.4.7-20210804.0.el8_4.src.rpm x86_64: redhat-virtualization-host-image-update-4.4.7-20210804.0.el8_4.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (buildrequirements): Source: imgbased-1.2.23-1.el8ev.src.rpm redhat-release-virtualization-host-4.4.7-4.el8ev.src.rpm noarch: imgbased-1.2.23-1.el8ev.noarch.rpm python3-imgbased-1.2.23-1.el8ev.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.4.7-4.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.7-4.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-3621 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYSe+UdzjgjWX9erEAQiXiw//eHCSP2K6rKyvQS4FFEG0iYTS1rzw9ZiQ yfVh+zHJTh0HobCiDUCtzZ22D4OproKM3lq/Rdn8XQXarZvYGEKJLxvSFrJdxVtT 9AFUWo/eR53E/dBd879bKOAgXeuPaC+2oezp14RhKeqZ+232vqSBYiMUyH/jVX26 WHJOFx3AcJ2OZNZTwD4czcxJ17Cn6phV8k+9pSk1GiV47TptiC9vUse2qLZru/uF bD5NBvbieSNn7mckVtwidO2Zd+bCCLRagy9ZpY07PDjUrtfjlOp/lbH0WQ7f4EDq 3YhMwYdAcihyOJTJYbDCtKVPibuP7ZtYiYJu8HC3Ws80dQuUwn8czbwCRPLKW9iM nyHKJ+qVUcgSglOPXtmTZHRbUYPqzOPD/dIzj5yS4yEqYEhSf+Zu8lZkQEFGiLRN RT7PeoRFEmS1wRU3xCStKEMd7sDh2TAAD7oKZiCxjhQC8Q/iU/1EAC5STFLfe2v0 7WuCYXGq1CG/MmGEXJ96xbu6kDcPohDt9c6NoCBStfUIe47bhz/yFzM9OmHslDtZ BzuLA7GC3KAmxohZO0RsEhloDwmvb33VMsMBuLOg0NKSd9fyWVDYgXa2JuVjmmCC J2UN/lT86xjVNriHuIvEZHacwINWvfkqo7SPj1flW3XGFf4FBUk4iv3QHFT90Yqq 4UqtoNsVI1E=P8fw -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 26, 2021
•Important
Red Hat
98
security advisoryRed HatimportantRed Hat RHEV-H 4: RHSA-2021-2737-01 Important: Kernel Security Fix
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: RHV-H security update (redhat-virtualization-host) 4.3.17 Advisory ID: RHSA-2021:2737-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:2737 Issue date: 2021-07-21 CVE Names: CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) For more detailsabout the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 7: Source: redhat-virtualization-host-4.3.17-20210713.0.el7_9.src.rpm noarch: redhat-virtualization-host-image-update-4.3.17-20210713.0.el7_9.noarch.rpm RHEL 7-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.3.17-1.el7ev.src.rpm redhat-virtualization-host-4.3.17-20210713.0.el7_9.src.rpm noarch: redhat-virtualization-host-image-update-4.3.17-20210713.0.el7_9.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.17-1.el7ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.3.17-1.el7ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYPgqu9zjgjWX9erEAQiBuQ//QtToghUfCp2L+hwNrZNUsx6o+CiEegH2 40TqP4SfhX4VWdoUmFXPWowjLBP1YAI5F7Ojw9SPUc7v9KHErfI/UUXMZdxOWBLO 44l3T85DY+6OcrfHd+/nFZtsmlX43kb8SXLMy8DwMvy9Y6kz+kI6+4PSpFCt0/ej KKztO5w/B/VIl11NQGCpIulIFkDtJnQsaTS1Xb097LQxra+XCx21unGp/B10AeKq X31rSDMQPEyYw0/4Y4hJKwJoC/6Fl0B98oeAS4az/UH5Y5AB2CL3xly6rxX0nk8P sf+zJuzEQHHdI3Bc42XKAyHHEVBHGFQL3slLJP6Z4zWBVAo37Qt4x1Y9nnaLBXxG 1xuQX867BZo+IRynXBXaeahx352xoUJveS0J7Ugo7eJgN+MuLzTi9ubjasVoyZPS Fa+GS8EpH/OJcZfhqCwGEw+zJHHM8n4U1ppFJbL9bdiADFNtybneWkH8+ETHQgMR vtonexptm3dAB4bAa3M1utvVzb8USNZQMuE7YyqnpyCJCezwSdG7gtfvoEvZ5xxq uIjExr+NdxRxo9PNxF8YqksHKFo14+fUhkSD44QsOET6GIMqQqN7MQZOBd7WiYYc kjf3/3Jshn7DLmyrbEhWr5ftPPFNA29VqgGRUvFZ02IIWNB5Rc1M6NJihzHBEXVM MspPISMNxv8=6ROG -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 21, 2021
•Important
Red Hat
98
security advisorydenial of serviceRed HatRed Hat: RHSA-2021:0976-01 Moderate: Denial Of Service Risk
An update for imgbased, redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2) Advisory ID: RHSA-2021:0976-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0976 Issue date: 2021-03-23 CVE Names: CVE-2020-27827 ==================================================================== 1. Summary: An update for imgbased, redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red HatVirtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.4.4), redhat-virtualization-host (4.4.4) Changes to the imgbased component: * Previously, the chronyd symlink was removed during the upgrade process. As a result, the chronyd service was disabled following the upgrade. In this release, the chronyd service is enabled after upgrade. (BZ#1903777) Security Fix(es): * lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1903777 - chronyd is disabled after upgrading RHV-H 4.4.2 -> 4.4.3 1915877 - Rebase RHV-H 4.4.4 on RHEL 8.3.1 1916659 - Upgrade imgbased to 1.2.16 1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak 1932763 - Rebase RHV-H 4.4.4 on FDP 2.11 (21B) 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: redhat-virtualization-host-4.4.4-20210307.0.el8_3.src.rpm noarch: redhat-virtualization-host-image-update-4.4.4-20210307.0.el8_3.noarch.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.4.4-2.el8ev.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.4.4-2.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.4-2.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and detailson how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-27827 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFo5HtzjgjWX9erEAQhMtg//Wr6sNIkXoFWvB1Rf6IrjG6mumtZtQROR 7AucVC7FRmoyeqy+HiURXUdyBT4JiapEswPlEqI5Lg1s1pIfm0ONf4vf8CAXr6in u8T6LHR4rREldydYTFoW15KV7fl5O1pKV0m+xsmx6a8Ark9CZvA31x5rdexYEPHI GDjUOc7jh+CF+j+OGsA5mOLoEGTdxSX3j8Wr1rFuTDw+9ceIvddLAPXymc6NVhf7 5NCkRkcDeD/8PPjYYSBE+3c98uANPKGAb0HV+g20wZ46Qn7Jz+gLOYz7RrGDsGH0 yNzGdbZdovCdFkjNp852WswWzK3IK7Qrd3ow52mgweMlqxIMXJ/X7500D94DDiAs F1pkS+qKRdlR6RHfH5yuTBcugmTghDKkrt1+zsXdOja+/f5+Pc3JRIhz6wZIjEsC ZYezIyFhWjQHlkakmMRzdlFXboBNhBr5mGn7z2t0E2aoz/1j+tG7UbIp++HXFxqq 2hdIKGbCn/ETbKE5z3YEq+9Sndezg0GUsSpJTO2R8xre/O3P9bKdSphSF4e4gk0U CTjVTC1BrKUVQ5REb1trJqTHLHk6/igSg24Glez8ztE0WrKc2ncw0NYx8dDYtU7O XTrP6O6oPxU9zTd+22Dh5L/hVLsXndkBZSsoAdKoRBQ51P0WZlxNWObehIz3ZRhf Q5Xmbi8UbaY=QNMM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 23, 2021
•Important
Red Hat
98
security advisoryRed Hatbuffer overflowRed Hat RHSA-2021:0401-01 Important: DNS Exploits and Buffer Overflow
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4] Advisory ID: RHSA-2021:0401-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0401 Issue date: 2021-02-03 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2021-3156 ==================================================================== 1. Summary: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * sudo:Heap buffer overflow in argument parsing (CVE-2021-3156) * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install. With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1850939 - Hosted engine deployment does not properly show iSCSI LUN errors1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failedwith "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. 6. Package List: Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts: Source: cockpit-ovirt-0.14.17-1.el8ev.src.rpm noarch: cockpit-ovirt-dashboard-0.14.17-1.el8ev.noarch.rpm Red Hat Virtualization 4 Hypervisor for RHEL8: Source: redhat-virtualization-host-4.4.4-20210201.0.el8_3.src.rpm samba-4.12.3-12.el8.3.src.rpm sssd-2.3.0-9.el8.src.rpm noarch: python3-sssdconfig-2.3.0-9.el8.noarch.rpm redhat-virtualization-host-image-update-4.4.4-20210201.0.el8_3.noarch.rpm x86_64: libipa_hbac-2.3.0-9.el8.x86_64.rpm libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm libsmbclient-4.12.3-12.el8.3.x86_64.rpm libsmbclient-debuginfo-4.12.3-12.el8.3.x86_64.rpm libsss_autofs-2.3.0-9.el8.x86_64.rpm libsss_autofs-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_certmap-2.3.0-9.el8.x86_64.rpm libsss_certmap-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_idmap-2.3.0-9.el8.x86_64.rpm libsss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_nss_idmap-devel-2.3.0-9.el8.x86_64.rpm libsss_simpleifp-2.3.0-9.el8.x86_64.rpm libsss_simpleifp-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_sudo-2.3.0-9.el8.x86_64.rpm libsss_sudo-debuginfo-2.3.0-9.el8.x86_64.rpm python3-libipa_hbac-2.3.0-9.el8.x86_64.rpm python3-libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm python3-libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm python3-libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm python3-sss-2.3.0-9.el8.x86_64.rpm python3-sss-debuginfo-2.3.0-9.el8.x86_64.rpm python3-sss-murmur-2.3.0-9.el8.x86_64.rpm python3-sss-murmur-debuginfo-2.3.0-9.el8.x86_64.rpm samba-debuginfo-4.12.3-12.el8.3.x86_64.rpm samba-debugsource-4.12.3-12.el8.3.x86_64.rpm sssd-2.3.0-9.el8.x86_64.rpm sssd-ad-2.3.0-9.el8.x86_64.rpm sssd-ad-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-client-2.3.0-9.el8.x86_64.rpm sssd-client-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-common-2.3.0-9.el8.x86_64.rpm sssd-common-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-common-pac-2.3.0-9.el8.x86_64.rpm sssd-common-pac-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-dbus-2.3.0-9.el8.x86_64.rpm sssd-dbus-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-debugsource-2.3.0-9.el8.x86_64.rpm sssd-ipa-2.3.0-9.el8.x86_64.rpm sssd-ipa-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-kcm-2.3.0-9.el8.x86_64.rpm sssd-kcm-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-krb5-2.3.0-9.el8.x86_64.rpm sssd-krb5-common-2.3.0-9.el8.x86_64.rpm sssd-krb5-common-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-krb5-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-ldap-2.3.0-9.el8.x86_64.rpm sssd-ldap-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-libwbclient-2.3.0-9.el8.x86_64.rpm sssd-libwbclient-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-nfs-idmap-2.3.0-9.el8.x86_64.rpm sssd-nfs-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-polkit-rules-2.3.0-9.el8.x86_64.rpm sssd-proxy-2.3.0-9.el8.x86_64.rpm sssd-proxy-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-tools-2.3.0-9.el8.x86_64.rpm sssd-tools-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-winbind-idmap-2.3.0-9.el8.x86_64.rpm sssd-winbind-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: imgbased-1.2.16-0.1.el8ev.src.rpm redhat-release-virtualization-host-4.4.4-1.el8ev.src.rpm noarch: imgbased-1.2.16-0.1.el8ev.noarch.rpm python3-imgbased-1.2.16-0.1.el8ev.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.4.4-1.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.4-1.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYBrMFtzjgjWX9erEAQhLyg//QeuuLd9ARm9ImsGVCZQZmnSnwoeLU5q4 nYjZRw5CLGOuw23qJv17Dj658650+v90lD4JWKUPlSbCnubhmct+WvlbDUG9XX0X gjrtn4cEmFRz3dMEbMr1kWLtGuzRIR63l6yM+H/5Ucw5Q0AqzddYgGi6kcY2ec4I yC2ebejLzBcmRSlObitcgUc2kuLICYFQHCgW0P4dvukE3+B9Ga1l81G3rTtM5H/4 UkpUxoQLXxSMLAyx/3IB0rElvsGCZVqLKSCgUZysgBi+RN1DtyFzF4+Eplc2LGKq yMVI5hPioccorQk1X0102gi0H8yJhVeakn9KEVr4iX+ZrMYhNcMOSAr+mZlKZqjx TwHxyyyUKCekfMWM83dyLRQb18hh32FZCftAsRmKNTIJQ+g5u2nT8dKkaFkWU0NI +LgtMMtLeulg/40fObOuqdXQVp3lLVPLvhyUityGP4PPRrkXCaG3dJDGNIFJ96eU clx9EOpdtDDThmi3IHnN92vnYxcI+j14PY6822ho0LlGCIL9ORyiYVpFbK+yMR6+ UpMPXE0HPrfipVTkR2kDQilcwJTELiJYTqB1tsm/4C3ODt336zPDdcdRvpxGYX8j aNN1pf5K3tT5nN3ry0J7EvzB8cjT0tQTJWri/L4GywZlRRg58q7bqZbRDrzBwzNi md9bPrmC2GU=Sqsc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 03, 2021
•Important
Red Hat
98
security advisorybuffer overflowimportantCentOS Stream 8 RHSA-2023-0045-02 High: Memory Corruption
An update for openvswitch2.11, ovn2.11, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2021:0028-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0028 Issue date: 2021-01-06 CVE Names: CVE-2015-8011 ==================================================================== 1. Summary: An update for openvswitch2.11, ovn2.11, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 RHV-M 4.3 - x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performingadministrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: openvswitch2.11 (2.11.3), ovn2.11 (2.11.1), redhat-release-virtualization-host (4.3.12), redhat-virtualization-host (4.3.12). (BZ#1898513, BZ#1907537, BZ#1907538) Security Fix(es): * lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c (CVE-2015-8011) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c 1898513 - Rebase RHV-H 4.3 EUS on RHEL-7.9.z #2 6. Package List: Red Hat Virtualization 4 Management Agent for RHEL 7Hosts: Source: openvswitch2.11-2.11.3-77.el7fdp.src.rpm ovn2.11-2.11.1-56.el7fdp.src.rpm ppc64le: openvswitch2.11-2.11.3-77.el7fdp.ppc64le.rpm openvswitch2.11-debuginfo-2.11.3-77.el7fdp.ppc64le.rpm openvswitch2.11-devel-2.11.3-77.el7fdp.ppc64le.rpm ovn2.11-2.11.1-56.el7fdp.ppc64le.rpm ovn2.11-debuginfo-2.11.1-56.el7fdp.ppc64le.rpm ovn2.11-host-2.11.1-56.el7fdp.ppc64le.rpm ovn2.11-vtep-2.11.1-56.el7fdp.ppc64le.rpm python-openvswitch2.11-2.11.3-77.el7fdp.ppc64le.rpm x86_64: openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm openvswitch2.11-debuginfo-2.11.3-77.el7fdp.x86_64.rpm openvswitch2.11-devel-2.11.3-77.el7fdp.x86_64.rpm ovn2.11-2.11.1-56.el7fdp.x86_64.rpm ovn2.11-debuginfo-2.11.1-56.el7fdp.x86_64.rpm ovn2.11-host-2.11.1-56.el7fdp.x86_64.rpm ovn2.11-vtep-2.11.1-56.el7fdp.x86_64.rpm python-openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm Red Hat Virtualization 4 Hypervisor for RHEL 7: Source: redhat-virtualization-host-4.3.12-20201216.0.el7_9.src.rpm noarch: redhat-virtualization-host-image-update-4.3.12-20201216.0.el7_9.noarch.rpm RHEL 7-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.3.12-4.el7ev.src.rpm redhat-virtualization-host-4.3.12-20201216.0.el7_9.src.rpm noarch: redhat-virtualization-host-image-update-4.3.12-20201216.0.el7_9.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.12-4.el7ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.3.12-4.el7ev.x86_64.rpm RHV-M 4.3: Source: openvswitch2.11-2.11.3-77.el7fdp.src.rpm ovn2.11-2.11.1-56.el7fdp.src.rpm x86_64: openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm openvswitch2.11-debuginfo-2.11.3-77.el7fdp.x86_64.rpm openvswitch2.11-devel-2.11.3-77.el7fdp.x86_64.rpm ovn2.11-2.11.1-56.el7fdp.x86_64.rpm ovn2.11-central-2.11.1-56.el7fdp.x86_64.rpm ovn2.11-debuginfo-2.11.1-56.el7fdp.x86_64.rpm ovn2.11-vtep-2.11.1-56.el7fdp.x86_64.rpm python-openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8011 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX/WeHtzjgjWX9erEAQhq4Q//fdcK49h4XI0Wjh6rSt4t1PtJEeirqeFh ptx1eYMvliONrHebCXjDgXYdMttVgotw26lu9kNzfHsTO/jtA6xkBEEKl5fAWjVL UZYSvy7OL/ht38OQ2hWmML5dUCqavFgA7Jf5SS7jtmnT7O9F7BhjanR7eWIP+eq7 jnx8p9PmywrVeKduh1ozBaBxicnOYzlD/ArTX3d+K5hmXVvDWH7wtL0c8HBpg6QB 5JbRY/86su+QnFN+BagqI27GiOcaGfqEDNSU5pMnxWslECA4PYXHf0OABbcRMebk mxHMP6ZhzZFq2f+paXAMy5dh5fCilJps979qCu5EFSbK2aVkYSEKvHqSyvk7pI+0 SLeU1/YxF5rnDmGGWIatKOMk5+0gMbe8bFZiJLbFkKeY3nzSyUCpoyswt1zWbxob gwmP9DDoH8z7LnDoHB8c7Q8iFQ+zsWMWr7LWt/q7nFNB1QtSKpnhC7EnaoAF4x7U ujHn74JgAAR+AVoMI6ScUDgOJn3Bn5TfhLpR0IzkYLN8bU1o+RgH4yClHgTG4axc kHqW+dMJxVqeXAfuy+1dpSr+NDx+wCAAvAGJxY7dfSTNEZY87h/0F4T6GsGbwpcA Kt7WQZoeyQa3RhihngnKQ3ppJCLXLnCC6247EylJg2KV11MZCs/LC61NwmC7T9UF lO2cuXmA6AI=o+f9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 06, 2021
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!