what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2021-3598-01

Red Hat Security Advisory 2021-3598-01
Posted Sep 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3598-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-22543, CVE-2021-22555, CVE-2021-27218, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3609, CVE-2021-37576, CVE-2021-38201, CVE-2021-38575
SHA-256 | 3a62781802214e6eb77a0d28fc9fa05ebee3d12366b8219cccc000ace400db7e

Red Hat Security Advisory 2021-3598-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Virtualization 4.8.2 Images security and bug fix update
Advisory ID: RHSA-2021:3598-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3598
Issue date: 2021-09-21
CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555
CVE-2021-27218 CVE-2021-33195 CVE-2021-33197
CVE-2021-33198 CVE-2021-34558 CVE-2021-37576
CVE-2021-38201 CVE-2021-38575
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 4.8.2 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 4.8.2 images:

RHEL-8-CNV-4.8
==============
kubevirt-vmware-container-v4.8.2-1
node-maintenance-operator-container-v4.8.2-1
bridge-marker-container-v4.8.2-1
kubemacpool-container-v4.8.2-1
virtio-win-container-v4.8.2-1
kubevirt-v2v-conversion-container-v4.8.2-1
hostpath-provisioner-container-v4.8.2-1
kubernetes-nmstate-handler-container-v4.8.2-1
cluster-network-addons-operator-container-v4.8.2-1
cnv-containernetworking-plugins-container-v4.8.2-1
hyperconverged-cluster-operator-container-v4.8.2-2
hostpath-provisioner-operator-container-v4.8.2-1
ovs-cni-marker-container-v4.8.2-1
hyperconverged-cluster-webhook-container-v4.8.2-2
ovs-cni-plugin-container-v4.8.2-1
kubevirt-template-validator-container-v4.8.2-2
kubevirt-ssp-operator-container-v4.8.2-2
cnv-must-gather-container-v4.8.2-3
vm-import-virtv2v-container-v4.8.2-4
vm-import-operator-container-v4.8.2-4
vm-import-controller-container-v4.8.2-4
virt-cdi-cloner-container-v4.8.2-2
virt-cdi-controller-container-v4.8.2-2
virt-cdi-operator-container-v4.8.2-2
virt-cdi-uploadproxy-container-v4.8.2-2
virt-cdi-uploadserver-container-v4.8.2-2
virt-cdi-apiserver-container-v4.8.2-2
virt-cdi-importer-container-v4.8.2-2
virt-launcher-container-v4.8.2-5
virt-api-container-v4.8.2-5
virt-handler-container-v4.8.2-5
virt-controller-container-v4.8.2-5
virt-operator-container-v4.8.2-5
hco-bundle-registry-container-v4.8.2-17

Security Fix(es):

* golang: net: lookup functions may return invalid host names
(CVE-2021-33195)

* golang: net/http/httputil: ReverseProxy forwards connection headers if
first one is empty (CVE-2021-33197)

* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error
if passed inputs with very large exponents (CVE-2021-33198)

* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://docs.openshift.com/container-platform/4.8/virt/upgrading-virt.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1953485 - [CNV-2.5] Manifests in openshift-cnv missing resource requirements - SSP
1957791 - [MTV][Warm] The migrated VM on target side should be powered off/on accordingly to the source VM's last power state during warm migration
1972819 - Failed, Pending and Scheduling VMs can not be stopped
1982143 - [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1990065 - [4.8.2][network] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters
1991460 - Cannot get 'write' permission without 'resize': Image size is not a multiple of request alignment'
1993122 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/
1995050 - RHEL9 template - support level and description should be updated
1996110 - cdi importer fails for a CirrOS VM import to NFS (but not to Cepf-rbd/block)
1996660 - [4.8] Goroutine count and memory remains high after VMIs are removed
1997668 - [v2v] VM import from RHV should not be blocked for a non UTC Timezone.
1998818 - virt-handler Pod is missing xorrisofs command
1998983 - 4.8.2 containers
2000021 - [VMIO][RHV VM Import] 63 long char VM Name with more than 1 Disk results in DataVolumeCreationFailed
2001038 - Importer attempts to shrink an image in certain situations
2001069 - [4.8.z] Automatic size detection may not request a PVC that is large enough for an import

5. References:

https://access.redhat.com/security/cve/CVE-2021-3609
https://access.redhat.com/security/cve/CVE-2021-22543
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-27218
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-37576
https://access.redhat.com/security/cve/CVE-2021-38201
https://access.redhat.com/security/cve/CVE-2021-38575
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYUm9jNzjgjWX9erEAQj5ERAAlwei+1rByD0NbOnsl6V/N8336joQgWAw
YTaHbCzYC7188JJ2ucnup1wmPhjk1mWFzUGI+7GLNjnCAaBy3Eg3w5ZI86H1G7T6
0q3TOmTU8ezyr6JMryiw1v4aambVtB8g1K7XjNVQnKhKyJtsx7iuagyg9QMbVknU
i2uRANE/7GgL0Yv6jwPSgNjzArhW9TosXVfg+oYY9MQ8fAZyhdXxZKRnwwe0lHVk
NMwPppumF80lvraU/HwcYlkQrc9It5F62fm0NOvyvY0J3+V55+yeb5UeiBMeyFK4
++HIcxtktf/X7dBAfUkeqPoVYX/MkHxHCaYbEnXyVNK9m/8Z9HWOzzJ6YgFGZ7hE
FNnKyGG1ZXcOmWHZ2UBoVFOMLGcf907o6oaC6p3AfX6LVPTRb8E8Df7TS0TP3miS
BQmq+UnJG6mnO0xHtxmS+WJ1lh51LVaczJuMUHgpGOn8pCVkQIH4jx2tmSVkZN6O
0jOcW2Lg1YGX6Byfz9jcjaG2pRXGeos/JVJKEeWOVtiJcFQFRgEUNxJpeothOqi5
Dr1hJbtn/Ts4E8jDw3IrjfvjPC7f+IBU67fcT4FXHklkaYchZKLteaIAEMoy+w6h
GMxVU+aohcvVSfIXv6hi4S8hM6HAxEdklwX7nUP2AsjGDDS1ZKFZz/EleItz45MF
E1MQ2NdfNNY=
=vkzK
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close