- Issued:
- 2020-11-17
- Updated:
- 2020-11-17
RHEA-2020:5127 - Product Enhancement Advisory
Synopsis
OpenShift Virtualization 2.5.0 Images
Type/Severity
Product Enhancement Advisory
Topic
Red Hat OpenShift Virtualization release 2.5.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Description
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 2.5.0 images:
RHEL-7-CNV-2.5
==============
kubevirt-ssp-operator-container-v2.5.0-58
RHEL-8-CNV-2.5
==============
kubevirt-kvm-info-nfd-plugin-container-v2.5.0-9
kubevirt-template-validator-container-v2.5.0-12
node-maintenance-operator-container-v2.5.0-12
hostpath-provisioner-container-v2.5.0-9
kubevirt-cpu-model-nfd-plugin-container-v2.5.0-9
kubevirt-metrics-collector-container-v2.5.0-9
virtio-win-container-v2.5.0-11
cnv-must-gather-container-v2.5.0-53
kubevirt-vmware-container-v2.5.0-12
virt-cdi-controller-container-v2.5.0-21
virt-cdi-cloner-container-v2.5.0-21
virt-cdi-importer-container-v2.5.0-21
virt-cdi-uploadserver-container-v2.5.0-21
virt-cdi-apiserver-container-v2.5.0-21
virt-cdi-operator-container-v2.5.0-21
virt-cdi-uploadproxy-container-v2.5.0-21
kubevirt-cpu-node-labeller-container-v2.5.0-12
vm-import-operator-container-v2.5.0-24
vm-import-controller-container-v2.5.0-24
vm-import-virtv2v-container-v2.5.0-24
kubevirt-v2v-conversion-container-v2.5.0-14
cluster-network-addons-operator-container-v2.5.0-17
bridge-marker-container-v2.5.0-17
kubemacpool-container-v2.5.0-17
kubernetes-nmstate-handler-container-v2.5.0-19
ovs-cni-plugin-container-v2.5.0-17
ovs-cni-marker-container-v2.5.0-16
cnv-containernetworking-plugins-container-v2.5.0-17
hostpath-provisioner-operator-container-v2.5.0-14
virt-api-container-v2.5.0-89
virt-controller-container-v2.5.0-89
virt-handler-container-v2.5.0-89
virt-operator-container-v2.5.0-89
virt-launcher-container-v2.5.0-89
hyperconverged-cluster-operator-container-v2.5.0-53
hco-bundle-registry-container-v2.5.0-440
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Container Native Virtualization 2.5 for RHEL 8 x86_64
Fixes
- BZ - 1822746 - Container-native Virtualization 2.5.0 Images
- BZ - 1851829 - [CNV-2.5] kubemacpool-mac-controller-manager failing to start due invalid private key
- BZ - 1854425 - [v2v] VM import RHV to CNV The Installation Wizard should not automatically try to verify RHV Credentials after they fail once.
- BZ - 1867590 - OLM InstallPlan fails to deploy CNV due to old API v1alpha1 removed from HPP CRD
- BZ - 1867980 - [v2v]VMware to CNV VM import] Deployment of VMware controller v2v-vmware fail if VMware URL contains space at the end
- BZ - 1868045 - [v2v]kubevirt-vmware objects are not cleaned
- BZ - 1868229 - [deply cnv] hco operator run then terminate in a loop
- BZ - 1869365 - CNV 2.5 deployment in disconnected cluster - failing
- BZ - 1871234 - Constraints not satisfiable for CSV kubevirt-hyperconverged.v2.5.0
- BZ - 1875292 - vm-import-controller crashes on cluster wide bios configuration
- BZ - 1875725 - document how to build a container disk and when it should be used
- BZ - 1876559 - Upload PVC with virtctl and specify any StorageClass results with default StorageClass for the pvc
- BZ - 1876908 - KubeVirtMetricsAggregation is missing the "Available" condition
- BZ - 1877698 - ssp operator can't patch the placement api
- BZ - 1877834 - [Common templates] Golden images - only one image per major OS release can be uploaded
- BZ - 1878042 - .spec.customresourcedefinitions.owned[].version is empty on SSP operator CSV making it invalid
- BZ - 1878060 - Snapshot feature gate is not enabled in cnv 2.5
- BZ - 1878118 - [CNV 2.5] VM failed to start
- BZ - 1878670 - [CNV-2.5] virtctl version returns GitVersion:"v0.0.0-master+$Format:%h$"
- BZ - 1878757 - [uninstallation bug] virt-api, virt-controller Deployments and virt-handler DaemonSet are not getting deleted upon Kubevirt CR deletion
- BZ - 1879381 - [cnv deployment] cdi-apiserver cannot start due to missing libdevmapper
- BZ - 1879483 - The cloudinit does not set the password for rhel vms
- BZ - 1879958 - [CNV-2.5][Uninstall] It is not possible to uninstall CNV from OCP-4.6-fc.5
- BZ - 1880394 - "OpenShift Virtualization Operator Deployment" used instead of "OpenShift Virtualization Deployment" for HCO CR
- BZ - 1880950 - [CNV-2.5.0] Can not import VM Image due no kind "VMImportConfig" is registered
- BZ - 1881658 - Fail to start VM from template - "PVC default/fedora-dv owned by DataVolume fedora-dv cannot be used as a volume source. Use DataVolume instead"
- BZ - 1881676 - Cordon of nodes should not trigger VMI Migration.
- BZ - 1881928 - Cannot create a VM from golden image - insufficient permissions in clone source namespace openshift-virtualization-os-images
- BZ - 1881930 - Failure to create tap device upon VM creation
- BZ - 1882052 - Upstream images are visible in relatedImages in downstream CSV
- BZ - 1883418 - [CNV-2.5] virt-handler fails to start due to a missing SEinux policy file
- BZ - 1883468 - Validation rules for disk bus fail
- BZ - 1883857 - The guest agent which is available in current RHEL 8.2 is unsupported in CNV
- BZ - 1884138 - Update webhook always fails updating the spec.workloads field
- BZ - 1884142 - Changes to VM-Import CR's spec.infra field are ignored
- BZ - 1884164 - [v2v][VMware to CNV VM import API] Importer fails on "Unable to start nbdkit"
- BZ - 1884232 - [CNV-2.5] virt-handler fails to start due to cannot open shared object libvirt-lxc.so.0
- BZ - 1884278 - Import from registry fails for specific quay.io images
- BZ - 1884310 - [v2v][VMware to CNV VM import] kubevirt-vmware crashes with https prefix
- BZ - 1884536 - VMs with VCPU=1 created from 2.4 templates will stop working in 2.5
- BZ - 1884538 - v2v-vmware config map cannot be modified to add vddk-init-image
- BZ - 1884970 - [v2v][Doc][VMware to CNV VM import API] Storage Mapping: Source storage name should change to storage id
- BZ - 1884975 - [v2v][VMware to CNV VM import API] Storage Mapping: Using VMware storage name cause a crash
- BZ - 1884996 - [v2v][Doc][VMware to CNV VM import API] Target Network mapping example does not work
- BZ - 1885174 - tracker: knmstate fails to show state if node has a managed OvS bridge
- BZ - 1885196 - VM creation fails when using URL as boot source or when cloning a golden image
- BZ - 1885964 - Image Cloning Slow Compared to URL
- BZ - 1886694 - [v2v][VMware to CNV VM import API] VM import reconcile loop cause VMware SDK service to become stuck.
- BZ - 1887138 - [v2v][VMware to CNV VM import API] VM import takes 31 minutes to finish last 25% part.
- BZ - 1888588 - [v2v][VMware to CNV VM import API] vmimport.v2v.kubevirt pod remains after imported VM is removed.
- BZ - 1889401 - Cannot revert changes after adding nodePlacement to HCO
- BZ - 1890486 - [v2v][VMware to CNV VM import API]Windows 10 import fails on no matching template
- BZ - 1892572 - Upstream image is visible in downstream CSV
- BZ - 1893744 - [CNAO] Cannot apply pod placement on a "day-2" phase. CR got reconciled
- BZ - 1894051 - [v2v][Testday][Doc][VM import from RHV to CNV] Add details on how the RHV VM ID can be fetched
CVEs
- CVE-2018-9251
- CVE-2018-14404
- CVE-2018-20843
- CVE-2019-1547
- CVE-2019-1549
- CVE-2019-1563
- CVE-2019-5094
- CVE-2019-5188
- CVE-2019-5436
- CVE-2019-5481
- CVE-2019-5482
- CVE-2019-12450
- CVE-2019-14822
- CVE-2019-15847
- CVE-2019-15903
- CVE-2019-19126
- CVE-2019-19956
- CVE-2019-20386
- CVE-2019-20388
- CVE-2019-1010180
- CVE-2020-7595
- CVE-2020-8177
- CVE-2020-8559
- CVE-2020-12049
- CVE-2020-12243
- CVE-2020-15586
- CVE-2020-15999
- CVE-2020-16845
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.