Red Hat Product Errata RHSA-2021:0395 - Security Advisory
Issued: 2021-02-03
Updated: 2021-02-03

RHSA-2021:0395 - Security Advisory

Synopsis

Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13

Type/Severity

Security Advisory: Important

Topic

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

  • sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
  • dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
  • dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
  • dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • When performing an upgrade of the Red Hat Virtualization Host using the command `yum update`, the yum repository for RHV 4.3 EUS is unreachable.

    As a workaround, run the following command:
    `# yum update --releasever=7Server` (BZ#1899378)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization Host 4 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le

Fixes

  • BZ - 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
  • BZ - 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
  • BZ - 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
  • BZ - 1899378 - rhel-7-server-rhvh-4.3-eus-rpms repo is unavailable
  • BZ - 1916111 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #3
  • BZ - 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

CVEs

  • CVE-2020-25684
  • CVE-2020-25685
  • CVE-2020-25686
  • CVE-2021-3156

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/RHSB-2021-001
  • https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
Note: More recent versions of these packages may be available. Click a package name for more details.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
