- Issued:
- 2021-07-22
- Updated:
- 2021-07-22
RHSA-2021:2736 - Important: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7]
Synopsis
Important: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7]
Type/Severity
Security Advisory Important
Topic
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
-
kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
-
systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910)
-
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
-
ansible: multiple modules expose secured values (CVE-2021-3447)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
The redhat-release-virtualization-host package no longer requires vdsm-hooks. In this release, the installation of vdsm-hooks is not mandatory for the Red Hat Virtualization Host. (BZ#1976095)
-
Previously, rhsmcertd was not enabled by default on the Red Hat Virtualization Host. As a result, the systems did not regularly report to RHSM while the subscription-manager reported no obvious issues and repositories were properly enabled. In this release, rhsmcertd is enabled by default in RHVH, and as a result, RHSM now receives reports regularly. (BZ#1958145)
-
In this release, the Red Hat Virtualization Host has been rebased on top of the RHEL 8.4.0 Batch #1 update. For more information, see the RHEL release notes. (BZ#1957242)
-
Red Hat Virtualization Host now includes an updated scap-security-guide-rhv which allows you to apply a PCI DSS security profile to the system during installation, (BZ#1883793)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Virtualization | 4 | x86_64 |
| Red Hat Virtualization Host | 4 | x86_64 |
Updated Packages
- redhat-virtualization-host-image-update-placeholder-4.4.7-3.el8ev.noarch.rpm
- redhat-release-virtualization-host-4.4.7-3.el8ev.x86_64.rpm
- scap-security-guide-0.1.54-2.el8ev.src.rpm
- vhostmd-debugsource-1.1-5.el8.x86_64.rpm
- vhostmd-1.1-5.el8.x86_64.rpm
- vm-dump-metrics-1.1-5.el8.x86_64.rpm
- vhostmd-1.1-5.el8.src.rpm
- fcoe-utils-debugsource-1.0.33-3.git848bcc6.el8.x86_64.rpm
- imgbased-1.2.21-1.el8ev.noarch.rpm
- scap-security-guide-rhv-0.1.54-2.el8ev.noarch.rpm
- imgbased-1.2.21-1.el8ev.src.rpm
- redhat-virtualization-host-image-update-4.4.7-20210715.1.el8_4.x86_64.rpm
- vhostmd-debuginfo-1.1-5.el8.x86_64.rpm
- python3-imgbased-1.2.21-1.el8ev.noarch.rpm
- fcoe-utils-1.0.33-3.git848bcc6.el8.x86_64.rpm
- fcoe-utils-1.0.33-3.git848bcc6.el8.src.rpm
- redhat-release-virtualization-host-4.4.7-3.el8ev.src.rpm
- redhat-virtualization-host-4.4.7-20210715.1.el8_4.src.rpm
- vm-dump-metrics-debuginfo-1.1-5.el8.x86_64.rpm
- vm-dump-metrics-devel-1.1-5.el8.x86_64.rpm
- fcoe-utils-debuginfo-1.0.33-3.git848bcc6.el8.x86_64.rpm
Fixes
- This content is not included.BZ - 1883793
- This content is not included.BZ - 1939349
- This content is not included.BZ - 1955415
- This content is not included.BZ - 1957242
- This content is not included.BZ - 1958145
- This content is not included.BZ - 1961305
- This content is not included.BZ - 1970273
- This content is not included.BZ - 1970887
- This content is not included.BZ - 1970970
- This content is not included.BZ - 1976005
- This content is not included.BZ - 1976095
- This content is not included.BZ - 1976118
- This content is not included.BZ - 1976146
- This content is not included.BZ - 1976148
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- This content is not included.This content is not included.https://access.redhat.com/security/vulnerabilities/RHSB-2021-006
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.