Red Hat Product Errata RHSA-2021:1051 - Security Advisory
Issued:
2021-03-31
Updated:
2021-03-31

RHSA-2021:1051 - Security Advisory

Synopsis

Moderate: RHV-H enhancement and security update (redhat-virtualization-host) 4.3.14

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host.
These packages include redhat-release-virtualization-host. Red Hat
Virtualization Hosts (RHVH) are installed using a special build of Red Hat
Enterprise Linux with only the packages required to host virtual machines. RHVH
features a Cockpit user interface for monitoring the host's resources and
performing administrative tasks.

Security Fix(es):

  • lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization Host 4 for RHEL 7 x86_64

Fixes

  • BZ - 1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak
  • BZ - 1924062 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #4
  • BZ - 1932859 - Rebase RHV-H 4.3.14 on FDP 2.11 (21B)
  • BZ - 1940841 - Include updated gluster-ansible-features in RHV-H 4.3

Red Hat Virtualization 4 for RHEL 7

SRPM
redhat-release-virtualization-host-4.3.14-2.el7ev.src.rpm SHA-256: c896101f04c6b55d59126a0c0ac12713320c97f070a37b4ba25bef90b3bac08c
redhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm SHA-256: be02a71098aa3880c504b79d1a10ad451c702112aa984fe54d1a55ae7126ecef
x86_64
redhat-release-virtualization-host-4.3.14-2.el7ev.x86_64.rpm SHA-256: a2de6ddb63f6c0481a2d8b6f310427608038dac62d905aaf77949210060cc22f
redhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm SHA-256: 07021f419e12e4afc2f97c6528180f9f8f6f686fbcd6fb79567da1fae18f5ef7
redhat-virtualization-host-image-update-placeholder-4.3.14-2.el7ev.noarch.rpm SHA-256: e6ae48a06e611a1bc909605d4b65e9d84700b31b9faf9412f3c2d15cdc6ad12b

Red Hat Virtualization Host 4 for RHEL 7

SRPM
redhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm SHA-256: be02a71098aa3880c504b79d1a10ad451c702112aa984fe54d1a55ae7126ecef
x86_64
redhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm SHA-256: 07021f419e12e4afc2f97c6528180f9f8f6f686fbcd6fb79567da1fae18f5ef7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.