- Issued:
- 2021-02-03
- Updated:
- 2021-02-03
RHSA-2021:0395 - Security Advisory
Synopsis
Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
- sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
- dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
- dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
- dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- When performing an upgrade of the Red Hat Virtualization Host using the command `yum update`, the yum repository for RHV 4.3 EUS is unreachable
As a workaround, run the following command:
`# yum update --releasever=7Server` (BZ#1899378)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Virtualization 4 for RHEL 7 x86_64
- Red Hat Virtualization Host 4 for RHEL 7 x86_64
- Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
Fixes
- BZ - 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
- BZ - 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
- BZ - 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
- BZ - 1899378 - rhel-7-server-rhvh-4.3-eus-rpms repo is unavailable
- BZ - 1916111 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #3
- BZ - 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Virtualization 4 for RHEL 7
| SRPM | |
|---|---|
| redhat-release-virtualization-host-4.3.13-2.el7ev.src.rpm | SHA-256: c1a568313d2896df8b9f9d06cd5864e818825e21a4a5b26c8415487ce5412ce0 |
| redhat-virtualization-host-4.3.13-20210127.0.el7_9.src.rpm | SHA-256: a9f996a42c1ab4733d3aaf05e0c5d58f48c68957ccd087f62cbc1779a1927459 |
| vdsm-4.30.51-1.el7ev.src.rpm | SHA-256: 3e152b0f4adbc43ba19214f1220c610de861b65f27004f0ebf493355241660a4 |
| x86_64 | |
| redhat-release-virtualization-host-4.3.13-2.el7ev.x86_64.rpm | SHA-256: 95bf3d36d0737ff2b5804e178483e73f25750e34c654a6c8a97715fc6e7bd272 |
| redhat-virtualization-host-image-update-4.3.13-20210127.0.el7_9.noarch.rpm | SHA-256: 47478319d02b287d988536e73c7e2e77286d9017a906852db28cfd52c3e3427e |
| redhat-virtualization-host-image-update-placeholder-4.3.13-2.el7ev.noarch.rpm | SHA-256: c471186b890e12c9f52e67096e36cd673324d29e3757aea0381e31fcf125b8b5 |
| vdsm-4.30.51-1.el7ev.x86_64.rpm | SHA-256: 08ec06ff48f6fb7efa65777ef5f51ecb42f63b172c056717480f2d86b871b178 |
| vdsm-api-4.30.51-1.el7ev.noarch.rpm | SHA-256: c77691da1b13cad3982ade30607cd766fd51029ec46b20a282583f0cf0b9d371 |
| vdsm-client-4.30.51-1.el7ev.noarch.rpm | SHA-256: 7013ff95558139365c79a232f646bf6fa04add026de978522d3edf62a2d8137a |
| vdsm-common-4.30.51-1.el7ev.noarch.rpm | SHA-256: 1987138557e2affa286123f36b0bed40e8442a975b08796c0381187de38b8ffe |
| vdsm-gluster-4.30.51-1.el7ev.x86_64.rpm | SHA-256: f85b2018ac51f7a3ead9f9704a48a8226869c6df3fb1913156bdaa64749f8c20 |
| vdsm-hook-checkips-4.30.51-1.el7ev.x86_64.rpm | SHA-256: 85136355d6cc317d0a18e8a82e491a6dee4e8d056c1227a965bf810a6251e3de |
| vdsm-hook-cpuflags-4.30.51-1.el7ev.noarch.rpm | SHA-256: 340d947b5d263f0a3c11061d1c7f7fa39d25eab7bddc74b5feda721b995d4375 |
| vdsm-hook-ethtool-options-4.30.51-1.el7ev.noarch.rpm | SHA-256: eb0bdfc24276ec1859132688aca5aeae5b57cc33fd599a4dc8e03037a6b63eb4 |
| vdsm-hook-extra-ipv4-addrs-4.30.51-1.el7ev.x86_64.rpm | SHA-256: 066f3c0315e327678e2e818ce1841c4bf6cd7583f587fb7066b4381c72caae4f |
| vdsm-hook-fcoe-4.30.51-1.el7ev.noarch.rpm | SHA-256: f159a68641a14056b3e22a761ff39d692036e939eedbb9b01a4a1c152944d17c |
| vdsm-hook-localdisk-4.30.51-1.el7ev.noarch.rpm | SHA-256: aeceddedc8663641b1c7d0f3e8c1fb360efc6609888c9907d889d6bfd9db6352 |
| vdsm-hook-macspoof-4.30.51-1.el7ev.noarch.rpm | SHA-256: 429465f913220b8ebcbbf108eb7620e0a26682330efedb65a53233b776e900b8 |
| vdsm-hook-nestedvt-4.30.51-1.el7ev.noarch.rpm | SHA-256: 2df8f7bf349204387aa24f27d762be4ee69d4daad7e9ab1a6912a880f773ed07 |
| vdsm-hook-openstacknet-4.30.51-1.el7ev.noarch.rpm | SHA-256: 0d6cfee201fbb990c90731d40051c039247298201d5ac34eeee49d99ac0cbf79 |
| vdsm-hook-vhostmd-4.30.51-1.el7ev.noarch.rpm | SHA-256: ac46ed44e8b32a00b2da58f7f1735f5c53379560222a5ab742b56ccff0880a12 |
| vdsm-hook-vmfex-dev-4.30.51-1.el7ev.noarch.rpm | SHA-256: 2791e529bb4f9f98f685877f74fea3e6a55081171031b678823e7be62e72cf68 |
| vdsm-http-4.30.51-1.el7ev.noarch.rpm | SHA-256: c4bad32ba816d00c7cfd38ec0834e87a0e3addf8f3135514a00cea9115b8419e |
| vdsm-jsonrpc-4.30.51-1.el7ev.noarch.rpm | SHA-256: 803cf9a5d00079753c2d32acb2d593d931a2b2b17d84922a6fab5bba631f3bec |
| vdsm-network-4.30.51-1.el7ev.x86_64.rpm | SHA-256: d67d0ede934ddc63512d2669b48be7feb74f24c211ee8b5cfacf625c852a9809 |
| vdsm-python-4.30.51-1.el7ev.noarch.rpm | SHA-256: ffa8e53598a2457ebd4ee3b46af347e580b2c6e15c436a8d5d1a963de60ad001 |
| vdsm-yajsonrpc-4.30.51-1.el7ev.noarch.rpm | SHA-256: 5faa82f1bcfe69f24a0ade1fa0147519da939e9f9e68d9e10fa139ce2570c017 |
Red Hat Virtualization Host 4 for RHEL 7
| SRPM | |
|---|---|
| redhat-virtualization-host-4.3.13-20210127.0.el7_9.src.rpm | SHA-256: a9f996a42c1ab4733d3aaf05e0c5d58f48c68957ccd087f62cbc1779a1927459 |
| x86_64 | |
| redhat-virtualization-host-image-update-4.3.13-20210127.0.el7_9.noarch.rpm | SHA-256: 47478319d02b287d988536e73c7e2e77286d9017a906852db28cfd52c3e3427e |
Red Hat Virtualization for IBM Power LE 4 for RHEL 7
| SRPM | |
|---|---|
| vdsm-4.30.51-1.el7ev.src.rpm | SHA-256: 3e152b0f4adbc43ba19214f1220c610de861b65f27004f0ebf493355241660a4 |
| ppc64le | |
| vdsm-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 5b803e24edb5416183905a2c9ecaf203153f7ec6e9c333ff5f1c0c7f7f24e3fd |
| vdsm-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 5b803e24edb5416183905a2c9ecaf203153f7ec6e9c333ff5f1c0c7f7f24e3fd |
| vdsm-api-4.30.51-1.el7ev.noarch.rpm | SHA-256: c77691da1b13cad3982ade30607cd766fd51029ec46b20a282583f0cf0b9d371 |
| vdsm-api-4.30.51-1.el7ev.noarch.rpm | SHA-256: c77691da1b13cad3982ade30607cd766fd51029ec46b20a282583f0cf0b9d371 |
| vdsm-client-4.30.51-1.el7ev.noarch.rpm | SHA-256: 7013ff95558139365c79a232f646bf6fa04add026de978522d3edf62a2d8137a |
| vdsm-client-4.30.51-1.el7ev.noarch.rpm | SHA-256: 7013ff95558139365c79a232f646bf6fa04add026de978522d3edf62a2d8137a |
| vdsm-common-4.30.51-1.el7ev.noarch.rpm | SHA-256: 1987138557e2affa286123f36b0bed40e8442a975b08796c0381187de38b8ffe |
| vdsm-common-4.30.51-1.el7ev.noarch.rpm | SHA-256: 1987138557e2affa286123f36b0bed40e8442a975b08796c0381187de38b8ffe |
| vdsm-gluster-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 0417b4eb173f1ebc8feedb6cecca03d9aaf1ddef3c2572739eb7ff18d0233845 |
| vdsm-gluster-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 0417b4eb173f1ebc8feedb6cecca03d9aaf1ddef3c2572739eb7ff18d0233845 |
| vdsm-hook-checkips-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 3d54b09bfa4e027f02693533d7398860afc322685205e7f1c4761a3f4c2865ee |
| vdsm-hook-checkips-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 3d54b09bfa4e027f02693533d7398860afc322685205e7f1c4761a3f4c2865ee |
| vdsm-hook-cpuflags-4.30.51-1.el7ev.noarch.rpm | SHA-256: 340d947b5d263f0a3c11061d1c7f7fa39d25eab7bddc74b5feda721b995d4375 |
| vdsm-hook-cpuflags-4.30.51-1.el7ev.noarch.rpm | SHA-256: 340d947b5d263f0a3c11061d1c7f7fa39d25eab7bddc74b5feda721b995d4375 |
| vdsm-hook-ethtool-options-4.30.51-1.el7ev.noarch.rpm | SHA-256: eb0bdfc24276ec1859132688aca5aeae5b57cc33fd599a4dc8e03037a6b63eb4 |
| vdsm-hook-ethtool-options-4.30.51-1.el7ev.noarch.rpm | SHA-256: eb0bdfc24276ec1859132688aca5aeae5b57cc33fd599a4dc8e03037a6b63eb4 |
| vdsm-hook-extra-ipv4-addrs-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 9940459157617c2ebd5225f48d7c04241434c0495f552e1c8b74267dceef4c60 |
| vdsm-hook-extra-ipv4-addrs-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 9940459157617c2ebd5225f48d7c04241434c0495f552e1c8b74267dceef4c60 |
| vdsm-hook-fcoe-4.30.51-1.el7ev.noarch.rpm | SHA-256: f159a68641a14056b3e22a761ff39d692036e939eedbb9b01a4a1c152944d17c |
| vdsm-hook-fcoe-4.30.51-1.el7ev.noarch.rpm | SHA-256: f159a68641a14056b3e22a761ff39d692036e939eedbb9b01a4a1c152944d17c |
| vdsm-hook-localdisk-4.30.51-1.el7ev.noarch.rpm | SHA-256: aeceddedc8663641b1c7d0f3e8c1fb360efc6609888c9907d889d6bfd9db6352 |
| vdsm-hook-localdisk-4.30.51-1.el7ev.noarch.rpm | SHA-256: aeceddedc8663641b1c7d0f3e8c1fb360efc6609888c9907d889d6bfd9db6352 |
| vdsm-hook-macspoof-4.30.51-1.el7ev.noarch.rpm | SHA-256: 429465f913220b8ebcbbf108eb7620e0a26682330efedb65a53233b776e900b8 |
| vdsm-hook-macspoof-4.30.51-1.el7ev.noarch.rpm | SHA-256: 429465f913220b8ebcbbf108eb7620e0a26682330efedb65a53233b776e900b8 |
| vdsm-hook-nestedvt-4.30.51-1.el7ev.noarch.rpm | SHA-256: 2df8f7bf349204387aa24f27d762be4ee69d4daad7e9ab1a6912a880f773ed07 |
| vdsm-hook-nestedvt-4.30.51-1.el7ev.noarch.rpm | SHA-256: 2df8f7bf349204387aa24f27d762be4ee69d4daad7e9ab1a6912a880f773ed07 |
| vdsm-hook-openstacknet-4.30.51-1.el7ev.noarch.rpm | SHA-256: 0d6cfee201fbb990c90731d40051c039247298201d5ac34eeee49d99ac0cbf79 |
| vdsm-hook-openstacknet-4.30.51-1.el7ev.noarch.rpm | SHA-256: 0d6cfee201fbb990c90731d40051c039247298201d5ac34eeee49d99ac0cbf79 |
| vdsm-hook-vhostmd-4.30.51-1.el7ev.noarch.rpm | SHA-256: ac46ed44e8b32a00b2da58f7f1735f5c53379560222a5ab742b56ccff0880a12 |
| vdsm-hook-vhostmd-4.30.51-1.el7ev.noarch.rpm | SHA-256: ac46ed44e8b32a00b2da58f7f1735f5c53379560222a5ab742b56ccff0880a12 |
| vdsm-hook-vmfex-dev-4.30.51-1.el7ev.noarch.rpm | SHA-256: 2791e529bb4f9f98f685877f74fea3e6a55081171031b678823e7be62e72cf68 |
| vdsm-hook-vmfex-dev-4.30.51-1.el7ev.noarch.rpm | SHA-256: 2791e529bb4f9f98f685877f74fea3e6a55081171031b678823e7be62e72cf68 |
| vdsm-http-4.30.51-1.el7ev.noarch.rpm | SHA-256: c4bad32ba816d00c7cfd38ec0834e87a0e3addf8f3135514a00cea9115b8419e |
| vdsm-http-4.30.51-1.el7ev.noarch.rpm | SHA-256: c4bad32ba816d00c7cfd38ec0834e87a0e3addf8f3135514a00cea9115b8419e |
| vdsm-jsonrpc-4.30.51-1.el7ev.noarch.rpm | SHA-256: 803cf9a5d00079753c2d32acb2d593d931a2b2b17d84922a6fab5bba631f3bec |
| vdsm-jsonrpc-4.30.51-1.el7ev.noarch.rpm | SHA-256: 803cf9a5d00079753c2d32acb2d593d931a2b2b17d84922a6fab5bba631f3bec |
| vdsm-network-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 7322c1a3e9d27ff2efc2f756876bab74992c9f52207dd15e2a9857e36a5050ac |
| vdsm-network-4.30.51-1.el7ev.ppc64le.rpm | SHA-256: 7322c1a3e9d27ff2efc2f756876bab74992c9f52207dd15e2a9857e36a5050ac |
| vdsm-python-4.30.51-1.el7ev.noarch.rpm | SHA-256: ffa8e53598a2457ebd4ee3b46af347e580b2c6e15c436a8d5d1a963de60ad001 |
| vdsm-python-4.30.51-1.el7ev.noarch.rpm | SHA-256: ffa8e53598a2457ebd4ee3b46af347e580b2c6e15c436a8d5d1a963de60ad001 |
| vdsm-yajsonrpc-4.30.51-1.el7ev.noarch.rpm | SHA-256: 5faa82f1bcfe69f24a0ade1fa0147519da939e9f9e68d9e10fa139ce2570c017 |
| vdsm-yajsonrpc-4.30.51-1.el7ev.noarch.rpm | SHA-256: 5faa82f1bcfe69f24a0ade1fa0147519da939e9f9e68d9e10fa139ce2570c017 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
