RHSA-2021:0401 - Security Advisory

Topic

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

• sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
• dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
• dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
• dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install.

With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

After installing this update, the smb service will be restarted automatically.

Affected Products

• Red Hat Virtualization 4 for RHEL 8 x86_64
• Red Hat Virtualization Host 4 for RHEL 8 x86_64

Fixes

• BZ - 1850939 - Hosted engine deployment does not properly show iSCSI LUN errors
• BZ - 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel
• BZ - 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
• BZ - 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
• BZ - 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
• BZ - 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4
• BZ - 1902646 - ssh connection fails due to overly permissive openssh.config file permissions
• BZ - 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml
• BZ - 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
• BZ - 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError
• BZ - 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed.

CVEs

• CVE-2020-25684
• CVE-2020-25685
• CVE-2020-25686
• CVE-2021-3156

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/RHSB-2021-001
• https://access.redhat.com/security/vulnerabilities/RHSB-2021-002