- Issued:
- 2019-01-22
- Updated:
- 2019-01-22
RHBA-2019:0116 - Bug Fix Advisory
Synopsis
Red Hat Virtualization security and bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Description
The redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
For redhat-virtualization-host: Previously, vdsm-tool potentially changed /etc/group, resulting in a changed label for selinux. As a result, OpenSSH failed when trying to run chgrp to create host keys. This release fixes this issue by moving the selinux relabel after calling vdsm-tool. As a result, /etc/group has the right selinux label, and the system is stable.
The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime.
For imgbased: Previously, values from the default ntp.conf file were being unconditionally migrated to chrony, overwriting the chrony.conf file with the wrong values. The current update fixes this issue by migrating the values from ntp.conf to chrony.conf only when ntp.conf is valid and ntp is running.
For imgbased: Previously, we configured vdsm during the first boot after an upgrade. Rebooting a specific version of RHV-H twice caused it to enter emergency mode. The current update fixes this issue by calling vdsm-tool configure --force in the new layer, using SYSTEMD_IGNORE_CHROOT.
The ovirt-node package provides the utilities and recipes used to create and
configure the Red Hat Enterprise Virtualization Hypervisor ISO image.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the
Intel 64 and AMD64 architectures with virtualization extensions.
For ovirt-node: Previously, because /var is not layered, files that exist on both the new image and the running system were not copied from the image. As a result, packages that shipped files under /var were not updated correctly. The current update fixes this issue: If an updated file exists on both the new image and the running system, the original file is saved as ".imgbak" and the new file is copied over. Both original and new files exist under /var.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
For ovirt-node-ng: Previously, imgbased tried to override dangling symlinks to redhat-access-insights. As a result, upgrading RHVH failed when trying to copy over the dangling symlinks. The current update fixes this issue by copying /etc/redhat-access-insights files from the previous layer to /etc/insights-client. The files are placed in the correct location, and the symlinks point to the updated files correctly.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Virtualization 4 for RHEL 7 x86_64
- Red Hat Virtualization Host 4 for RHEL 7 x86_64
Fixes
- BZ - 1649658 - RHV-H upgrade from 4.1 to 4.2 will fail with error "not writing through dangling symlink" if server is registered to insight
- BZ - 1652940 - [downstream clone - 4.2.8] NTP config is migrated to chrony on every upgrade
- BZ - 1654147 - [downstream clone - 4.2.8] [upgrade] Post upgrade, new options are not available in virt profile
- BZ - 1655489 - [downstream clone - 4.2.8] RHVH enters emergency mode when updated to the latest version and rebooted twice
- BZ - 1658053 - [downstream clone - 4.2.8] Failed to start OpenSSH server daemon
CVEs
(none)
References
(none)
Red Hat Virtualization 4 for RHEL 7
SRPM | |
---|---|
imgbased-1.0.31-1.el7ev.src.rpm | SHA-256: 99e8a2dc7bbc19c39e98cc2b20b469a540a1345b1f63191d0de41d220eb810e7 |
redhat-release-virtualization-host-4.2-8.0.el7.src.rpm | SHA-256: e7f78464f90e0a7e12b727c1800a8f06a9a6ce5ab05f42348b4a112caa2cdeaa |
x86_64 | |
imgbased-1.0.31-1.el7ev.noarch.rpm | SHA-256: 13839273931fb63771370da52f7cc3640cf626b9b319df8a76ed25d0b6a38534 |
python-imgbased-1.0.31-1.el7ev.noarch.rpm | SHA-256: 289df201525431987a62d35a2987816a8d2a79a56a1580bfc0c016fd6eae7041 |
redhat-release-virtualization-host-4.2-8.0.el7.x86_64.rpm | SHA-256: 49162874396fd81ff9f00ef739d5237b336df9f8080fb0a3480fedaaa2221bb5 |
redhat-virtualization-host-image-update-placeholder-4.2-8.0.el7.noarch.rpm | SHA-256: e517d5ce244362ca33cb0618eb0f92cbdb446a1c92cb46db97ebce04c9a44979 |
Red Hat Virtualization Host 4 for RHEL 7
SRPM | |
---|---|
redhat-virtualization-host-4.2-20190116.0.el7_6.src.rpm | SHA-256: 506096441cb5b1f717f9f55972bb4d65bd1245590ac38aef4a89212c15170fd9 |
x86_64 | |
redhat-virtualization-host-image-update-4.2-20190116.0.el7_6.noarch.rpm | SHA-256: 1af59c69e25fe80e3c51af47af35e68115f828a1cee4b082d32cf06dafe4dc19 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.