Issued: 2022-09-08
Updated: 2022-09-08

RHSA-2022:6392 - Important: RHV RHEL Host ovirt-host - [ovirt-4.5.2] security update


Synopsis

Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update

Type/Severity

Security Advisory: Important

Topic

Updated host packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ovirt-host package consolidates host package requirements into a single meta package.

Security Fix(es):

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • The hosted-engine-ha binaries have been moved from /usr/share to /usr/libexec. As a result, the hosted-engine --clean-metadata command fails. With this release, you must use the new path for the command to succeed: /usr/libexec/ovirt-hosted-engine-ha/ovirt-ha-agent (BZ#2105781)

  • A new warning has been added to the vdsm-tool to protect users from using the unsupported user_friendly_names multipath configuration. The following is an example of the output:

    $ vdsm-tool is-configured --module multipath
    WARNING: Invalid configuration: 'user_friendly_names' is enabled in multipath configuration:
      section1 {
        key1 value1
        user_friendly_names yes
        key2 value2
      }
      section2 {
        user_friendly_names yes
      }
    This configuration is not supported and may lead to storage domain corruption.

    (BZ#1793207)
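An offline check for the condition the new vdsm-tool warning reports, as an added example that is not vdsm's own code: it scans multipath configuration text and lists each section in which user_friendly_names is set to yes. The function name, the sample configuration and the simplified tokenizer (# and ! outside quotes start a comment) are assumptions made for illustration.

```python
import re

KEY = "user_friendly_names"
# Tokens: quoted string, comment to end of line, brace, or bare word.
TOKEN = re.compile(r'"[^"]*"|[#!].*|[{}]|[^\s{}"#!]+')

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
defaults {
    polling_interval 5
    user_friendly_names yes   # flagged
}
devices {
    device {
        vendor "EXAMPLE"
        user_friendly_names "yes"
    }
    device {
        vendor "OTHER"
        # user_friendly_names yes
        user_friendly_names no
    }
}
"""

def find_enabled(conf_text):
    """Return (line_no, section_path) for every 'user_friendly_names yes'."""
    hits, stack = [], []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        words = []

        def flush():
            # Only the value 'yes' shown in the advisory is matched.
            for key, value in zip(words, words[1:]):
                if key == KEY and value.strip('"') == "yes":
                    hits.append((line_no, "/".join(stack) or "<top level>"))
            words.clear()

        for tok in TOKEN.findall(line):
            if tok[0] in "#!":          # comment: ignore the rest of the line
                break
            if tok == "{":              # word before the brace names the section
                stack.append(words[-1] if words else "<unnamed>")
                words.clear()
            elif tok == "}":
                flush()
                if stack:
                    stack.pop()
            else:
                words.append(tok)
        flush()
    return hits

if __name__ == "__main__":
    for line_no, section in find_enabled(SAMPLE_CONF):
        print(f"line {line_no}: {KEY} enabled in section {section}")
```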

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Product                                   Version  Arch
Red Hat Virtualization                    4        x86_64
Red Hat Virtualization for IBM Power LE   4        ppc64le
Red Hat Virtualization Host               4        x86_64

Updated Packages

  • ovirt-host-4.5.0-3.1.el8ev.ppc64le.rpm
  • ovirt-host-dependencies-4.5.0-3.1.el8ev.x86_64.rpm
  • vdsm-http-4.50.2.2-1.el8ev.noarch.rpm
  • mom-0.6.3-1.el8ev.noarch.rpm
  • cockpit-ovirt-dashboard-0.16.2-1.el8ev.noarch.rpm
  • vdsm-hook-vhostmd-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-hook-localdisk-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-4.50.2.2-1.el8ev.ppc64le.rpm
  • vdsm-hook-extra-ipv4-addrs-4.50.2.2-1.el8ev.x86_64.rpm
  • vdsm-hook-fcoe-4.50.2.2-1.el8ev.noarch.rpm
  • ovirt-hosted-engine-setup-2.6.5-1.1.el8ev.src.rpm
  • vdsm-python-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-jsonrpc-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-4.50.2.2-1.el8ev.src.rpm
  • ovirt-host-4.5.0-3.1.el8ev.src.rpm
  • cockpit-ovirt-0.16.2-1.el8ev.src.rpm
  • vdsm-hook-checkips-4.50.2.2-1.el8ev.ppc64le.rpm
  • vdsm-hook-extra-ipv4-addrs-4.50.2.2-1.el8ev.ppc64le.rpm
  • vdsm-network-4.50.2.2-1.el8ev.x86_64.rpm
  • ovirt-hosted-engine-setup-2.6.5-1.1.el8ev.noarch.rpm
  • vdsm-gluster-4.50.2.2-1.el8ev.x86_64.rpm
  • ovirt-host-4.5.0-3.1.el8ev.x86_64.rpm
  • ovirt-host-dependencies-4.5.0-3.1.el8ev.ppc64le.rpm
  • vdsm-hook-ethtool-options-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-api-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-common-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-4.50.2.2-1.el8ev.x86_64.rpm
  • vdsm-client-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-hook-checkips-4.50.2.2-1.el8ev.x86_64.rpm
  • vdsm-hook-nestedvt-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-network-4.50.2.2-1.el8ev.ppc64le.rpm
  • vdsm-yajsonrpc-4.50.2.2-1.el8ev.noarch.rpm
  • vdsm-hook-openstacknet-4.50.2.2-1.el8ev.noarch.rpm
  • mom-0.6.3-1.el8ev.src.rpm
  • vdsm-hook-cpuflags-4.50.2.2-1.el8ev.noarch.rpm

Fixes

CVEs

References

