- Issued: 2021-02-03
- Updated: 2021-02-03
RHSA-2021:0401 - Security Advisory
Synopsis
Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]
Type/Severity
Security Advisory: Important
Topic
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
- sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
- dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
- dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
- dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install. With this update, the libsmbclient package is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
After installing this update, the smb service will be restarted automatically.
Affected Products
- Red Hat Virtualization 4 for RHEL 8 x86_64
- Red Hat Virtualization Host 4 for RHEL 8 x86_64
Fixes
- BZ - 1850939 - Hosted engine deployment does not properly show iSCSI LUN errors
- BZ - 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel
- BZ - 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
- BZ - 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
- BZ - 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
- BZ - 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4
- BZ - 1902646 - ssh connection fails due to overly permissive openssh.config file permissions
- BZ - 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml
- BZ - 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
- BZ - 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError
- BZ - 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed.
Red Hat Virtualization 4 for RHEL 8
SRPM | |
---|---|
cockpit-ovirt-0.14.17-1.el8ev.src.rpm | SHA-256: 51d4d12c540c39bec8d6eff1428698aaa1e3bfaf2e4119cae6e61c48f76b290a |
imgbased-1.2.16-0.1.el8ev.src.rpm | SHA-256: 45394af4b32538ef464efc0bf9a4d5f3c56fea63d184968d396ca2ef460de975 |
redhat-release-virtualization-host-4.4.4-1.el8ev.src.rpm | SHA-256: 63a59515a60363705b8001ff806250cd75b22fc56607f00714c11d84b5312edc |
x86_64 | |
cockpit-ovirt-dashboard-0.14.17-1.el8ev.noarch.rpm | SHA-256: 3d111ebcd75904c0f5ff28cf05b0d9ba904ae9f48d6eb88cf7041a076bd91b6c |
imgbased-1.2.16-0.1.el8ev.noarch.rpm | SHA-256: 491daa8f68d1896cdd91f62fae5f4c448b1111ecbc9b317841c70842ca67fb2c |
python3-imgbased-1.2.16-0.1.el8ev.noarch.rpm | SHA-256: 8fcf09157bc39f8a893b0e3549fb86f6d38f2056a9a8601ba9133d23e3e4bd9a |
redhat-release-virtualization-host-4.4.4-1.el8ev.x86_64.rpm | SHA-256: f74d2049c6812ce580e18b13fda84f14a8a72e368e464c8ede8b69630b383cf7 |
redhat-virtualization-host-image-update-placeholder-4.4.4-1.el8ev.noarch.rpm | SHA-256: 888e7685e9424d333be3b1a55735ebd24693c51ab5d8c19634c0c2d0ff402321 |
Red Hat Virtualization Host 4 for RHEL 8
SRPM | |
---|---|
redhat-virtualization-host-4.4.4-20210201.0.el8_3.src.rpm | SHA-256: 0ea5f6147885a7e7dc1b304a944163cb0ce768a72df430b8005eeaf79320a1a0 |
samba-4.12.3-12.el8.3.src.rpm | SHA-256: d0e7ea888db656621d6759a6c18537eb258353acab8c79bedc894ce377a95f8b |
sssd-2.3.0-9.el8.src.rpm | SHA-256: c18128fcddd9a2e4d08bf319f9b35149cc40f1ba3c507334a4c4cbd45a34c457 |
x86_64 | |
libipa_hbac-2.3.0-9.el8.x86_64.rpm | SHA-256: aa2c1fffa4dc2b60a053ccbab0b6fe0f616e51960b66ba19cecf887e45812ae3 |
libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 88d3918304144f48aeba5955770551fea5b744d1059584988a01632aa56a267d |
libsmbclient-4.12.3-12.el8.3.x86_64.rpm | SHA-256: bd9808b83fa18dc93db5821f373393ace97c8e39d539cb3563a27b56653d0754 |
libsmbclient-debuginfo-4.12.3-12.el8.3.x86_64.rpm | SHA-256: e2ee00c255561d343140677c4117cec26a4f89d95199efde719f4b1ed3caeace |
libsss_autofs-2.3.0-9.el8.x86_64.rpm | SHA-256: a4c41844aefdf0c79df081e9ee74416d7a8eab174dbde5fdf6c20adb345acfb3 |
libsss_autofs-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 137038db99d385099052beee1f947695f23f2358a90d03a1f56da8c34fcf7a23 |
libsss_certmap-2.3.0-9.el8.x86_64.rpm | SHA-256: c7d61caeadf8bcb822832ced5dcd185ed68e448628900f6720b7c3903ae783d5 |
libsss_certmap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 9a4200d0c01503f91a09adcf8628cff62450e502abe8b52f52e6a75d79aa7f48 |
libsss_idmap-2.3.0-9.el8.x86_64.rpm | SHA-256: a96d3aa2f7446a79b57278271ae71fab053e409bf6b827f0f4015bbf2667b533 |
libsss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: e09780edbad5715df673152ab8160c71d641cd3e1f524da323a3d11c9f7c62f9 |
libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm | SHA-256: b12dff017eb119ddcaa7037b69784ec4129223aa319725b5dd4544313a194659 |
libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 89b0b2ac0028fc4e9a1c67b0d43bfdf6c56bfd65e0a73c7304e5c4386596ca60 |
libsss_nss_idmap-devel-2.3.0-9.el8.x86_64.rpm | SHA-256: 9e0dbcc1fb4ac762b11ef8dfbf3ce780abc8e715045c4385e5f0f9727a235f0a |
libsss_simpleifp-2.3.0-9.el8.x86_64.rpm | SHA-256: e2d164f0814cb8f86a67f3594157511d28707b94f7eb48857a415439ffb12e58 |
libsss_simpleifp-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 421930a16bee2bca8bdfc283ae5614340b5e932c14e4816745e8251133bd4965 |
libsss_sudo-2.3.0-9.el8.x86_64.rpm | SHA-256: e2661429979aaca94921790a9d50e2a1b08eabc444040411cf599c604cc6b83a |
libsss_sudo-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: d6f0b956fb917f14b0e6345954222796ff507167f1b39b7fdbc50a4bf5dda79a |
python3-libipa_hbac-2.3.0-9.el8.x86_64.rpm | SHA-256: a4cc922053d56f223b42e4c2a63a96b16160892d0d48e0025bb334f1fe4b124f |
python3-libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 5d40bc1b37255e9667bad8823dc8a9076fe34aad76517a1ef7473c78b9b39cb9 |
python3-libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm | SHA-256: 5c5ed6931b2a5f7a984b461b914c8615059033ff35fda9a20ba30e06a324d47f |
python3-libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: fd068c40683e5fd562333b5c37032ca4f7e5b305100f5643bb3d2b1f80a90417 |
python3-sss-2.3.0-9.el8.x86_64.rpm | SHA-256: 856f12542ff54eb1cc771d215b492114d1182c7ef1ebeb2056b4120eb952fd2b |
python3-sss-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 25806f8daa6df318f57cf97dcc97b3c58fa29182ef27cf3d2a59acb88b43dc94 |
python3-sss-murmur-2.3.0-9.el8.x86_64.rpm | SHA-256: 3e318e5b4dfff6f3173fe2508132ca9e36ae99c61cb8c24de3047c1131986872 |
python3-sss-murmur-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 3306cf89686b41fcd25a0d869110f58ff2f320b3062b3019c52de0abfeefd2f5 |
python3-sssdconfig-2.3.0-9.el8.noarch.rpm | SHA-256: 8bd307feb9983c4fd4f70a62d76647f0ea500261ba419577ad4625e72a5bee1e |
redhat-virtualization-host-image-update-4.4.4-20210201.0.el8_3.noarch.rpm | SHA-256: d11b2eb656e40cc517180675f119c9b2f37488379a69f569f1d33be0c2b689eb |
samba-debuginfo-4.12.3-12.el8.3.x86_64.rpm | SHA-256: 4bd0401adb61616110107ad6cec4c9afeb096f30bb832a75f434a78592923fa2 |
samba-debugsource-4.12.3-12.el8.3.x86_64.rpm | SHA-256: ef8da3344e45a512fb10d8518b34abff5fa13d4537d31f6bac0d77dd9cfa996b |
sssd-2.3.0-9.el8.x86_64.rpm | SHA-256: 97be4e3374f461210ac632729239bd1169bab0d577653aa6c2c8502b3fa8d8aa |
sssd-ad-2.3.0-9.el8.x86_64.rpm | SHA-256: f7c42bc0964d76021754a6fb851dd54379fefa1093b01f14fc8da34971be7956 |
sssd-ad-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 66e5ca6f3ec8a65f0a939934798814051ed01fa70eda9bb2dafc2aa6aa09059b |
sssd-client-2.3.0-9.el8.x86_64.rpm | SHA-256: cdb37e87c5ce7cebb6b7e83483e8b7d1832f2ff6cd4f634f2b3b4053931b19b9 |
sssd-client-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 509341ccedd6d72efe4ad7bcb1b28bbab51ed2c041b7ec77956aa4546ddfa9a4 |
sssd-common-2.3.0-9.el8.x86_64.rpm | SHA-256: 7eb7ecba011a5176ff277466a3359bfef0321a80035f7717221b5072755c4a50 |
sssd-common-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 787e045dc424cd0e3aaf2fd32dc1bc2300807660c5e33b4d29fee04420d9183c |
sssd-common-pac-2.3.0-9.el8.x86_64.rpm | SHA-256: cd30f544bef54fdb2065dc912fa0346f35022e77e22fcc8a275220bf5702871c |
sssd-common-pac-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 35647ac10592c326f014fbd246497cbad100b7ed794ae2881735dc07b54deaa9 |
sssd-dbus-2.3.0-9.el8.x86_64.rpm | SHA-256: 6ecac98fae3f57029fd930fea171348eb3b42dbeaac331725c1a777148a44205 |
sssd-dbus-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: f857b409caf3f40e56eebe8922fd5d449b0c81a2eafb018e9741202594570972 |
sssd-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 2c31839334f90ee48678492a69f93186c6dc109014cd89680cc6fac8326ff962 |
sssd-debugsource-2.3.0-9.el8.x86_64.rpm | SHA-256: e92ee357d40b1bb4679a40f49cdf6fdd5e65dd432b47b1e6b8a94c36e69825a7 |
sssd-ipa-2.3.0-9.el8.x86_64.rpm | SHA-256: 584b156fc51e13586bdcd36f2798ceeb3ef792c6cb51867a81424ad7a2f7ad09 |
sssd-ipa-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 0059244ba9a4a46bb6ebce72ac3235fcfe3585f9769e91e0ad5b8ac32f251ee5 |
sssd-kcm-2.3.0-9.el8.x86_64.rpm | SHA-256: 2ef5558f0a0c6d822f65e42950b43f58e83ef004942539ca0d5525ab8b324f54 |
sssd-kcm-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: e375668e81fb9e89395483ee6d8e5046d40709b6ac74e8d20ea4a2a0cefea89e |
sssd-krb5-2.3.0-9.el8.x86_64.rpm | SHA-256: dc8ca8530557e0aa3e4d267a2ccc45d10253e802eff71032f3d9883806385ca7 |
sssd-krb5-common-2.3.0-9.el8.x86_64.rpm | SHA-256: b486afb6c5ca3bb2665e87b214f851188748035df61a2fba757cdbfc81e7958e |
sssd-krb5-common-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 91f44bdd5b63605ea33bfd3a5e572d79429c76ef7a690c300238b0b2e80b6d08 |
sssd-krb5-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 13c24f20dbfdff0f0f111762c43c87cca82268ec1d3a18f8845ffcb8a92f583c |
sssd-ldap-2.3.0-9.el8.x86_64.rpm | SHA-256: e96d6da10f11b992ad8eeaddd630d5cf608c387ff3d8099bbd07838a73af386a |
sssd-ldap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 7ee121af37708e540ba9946d5bdc056680d39e3e71dc0e5c354c9336c4ca0be0 |
sssd-libwbclient-2.3.0-9.el8.x86_64.rpm | SHA-256: 22ae32df4dead901130acb98c2863f2d152498f847a74045bb8aaa540757eb00 |
sssd-libwbclient-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 07c2f616444921156d4ba0f146f04a8e479f468b42b6a4aac996f981a4522a31 |
sssd-nfs-idmap-2.3.0-9.el8.x86_64.rpm | SHA-256: 4476a92d949229c4eba1fc216356971c400dfcafb7004ad2d321aa9190b34260 |
sssd-nfs-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 25ae013ad1c897d8dc3efd9fed10cbc05b2fc12e0157b70a27939d697239412f |
sssd-polkit-rules-2.3.0-9.el8.x86_64.rpm | SHA-256: 8edd319641aa2e7579d0b3a96a8fa87df65c4aeda774757556f8c73e7398512a |
sssd-proxy-2.3.0-9.el8.x86_64.rpm | SHA-256: d7e05bba845f2635386acdf3aec67d859dd1a32056086bb4b6d60033e3ddb7a1 |
sssd-proxy-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: b689fd640961acf6793591ff49d6a4b7ace75dcb97bb8f0e345f78fff24a5eac |
sssd-tools-2.3.0-9.el8.x86_64.rpm | SHA-256: ac04e61a47b1533ceafdfea0cbadd1b845205582b9bdada92f2d1e8894a596ad |
sssd-tools-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 107989b3445bd731d0f8b7bd3c07daa8614dbf02c79ff7ce6e02ed302749b33e |
sssd-winbind-idmap-2.3.0-9.el8.x86_64.rpm | SHA-256: 7bbbc0b5fd0770346ff9c059bffb5dafd0b31c787d76c9646c6f3cab466fdfec |
sssd-winbind-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm | SHA-256: 3cc1789e8f8fa9416545d49db41d322c9045ded904e2c3b0ff6e6e023c2c6ace |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.