Issued:: 2021-06-03
Updated:: 2021-06-03

RHSA-2021:2239 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat Virtualization Host security update [ovirt-4.4.6]

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

python-cryptography: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25659)
krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS (CVE-2020-28196)
python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow and lead to buffer overflows (CVE-2020-36242)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Previously, old RPM files were not properly removed during package removal (uninistall) or upgrade. As a result, removed packages were reinstalled, or, during and upgrade, the system tried to install two or more different versions at once, causing the upgrade to fail.

In this release, the dnf plugin has been fixed, and RPM packages are now properly removed.
The new version will also auto-heal the broken system by removing RPM packages which are not supposed to be in the persisted-rpms directory. (BZ#1936972)

With this release, ovirt-hosted-engine-ha supports multiple, comma-separated values for all iSCSI configuration items. (BZ#1909888)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Red Hat Virtualization 4 for RHEL 8 x86_64
Red Hat Virtualization Host 4 for RHEL 8 x86_64

Fixes

BZ - 1779052 - RHVH 4.4: AVC denied errors (dac_override) in audit.log
BZ - 1882542 - [downstream] Failed to assign network to Infiniband Bond
BZ - 1889988 - CVE-2020-25659 python-cryptography: bleichenbacher timing oracle attack against RSA decryption
BZ - 1897893 - RHVH does not keep the same IPv6 address on each reprovision
BZ - 1901041 - CVE-2020-28196 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS
BZ - 1901878 - Rebase RHV-H on RHEL 8.4
BZ - 1909888 - [RFE] Support multiple IQN in hosted-engine.conf for Active-Active DR setup
BZ - 1926226 - CVE-2020-36242 python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow and lead to buffer overflows
BZ - 1931443 - After reboot a RHV-H host fails to boot displaying error: ../../grub-core/loader/i386/pc/linux.c:170:invalid magic number
BZ - 1936972 - [RHVH] Failed to reinstall persisted RPMs
BZ - 1938925 - RHV-H iso needs to include NetworkManager-1.26.0-12.el8_3 or later.
BZ - 1942580 - End User License Agreement trademarks Shadowman but not new logo
BZ - 1944632 - Rebase RHV-H 4.4.6 on FDP 2.11 21.C
BZ - 1946095 - "No valid network interface has been found" when starting HE deployment via cockpit
BZ - 1948944 - RHVH 4.4.6 ISO (RHVH-4.4-20210412.3-RHVH-x86_64-dvd1.iso) installation failed
BZ - 1949431 - The directory of EULA presented on the UI is incorrect
BZ - 1957604 - oVirt logo appears in RHV-H under the virtualization tab

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4 for RHEL 8

SRPM
cockpit-ovirt-0.15.0-2.el8ev.src.rpm	SHA-256: f2a4a1af30eb7c21d8b1492670153c0452a32efca9cc104843778eeb733f0e9c
imgbased-1.2.19-1.el8ev.src.rpm	SHA-256: 8eacc20876dafd9ccf8771b0ca650663ac438cb59fc8e3cd574256cc4d2e4671
ovirt-hosted-engine-ha-2.4.7-1.el8ev.src.rpm	SHA-256: f79cba60e7b97eead5f40b0b76a81793a99e02a2add478c44601b2c3b886279b
redhat-release-virtualization-host-4.4.6-1.el8ev.src.rpm	SHA-256: bec2477337bddc6080ea58c3e00bb6692d27279a87cdd47fba743045f465f59f
scap-security-guide-0.1.54-1.el8ev.src.rpm	SHA-256: 86b139b3923077f2101c7b69c247488bcfe04931c65653119821e1e3f145ba34
x86_64
cockpit-ovirt-dashboard-0.15.0-2.el8ev.noarch.rpm	SHA-256: 2a3cd3dc707bd3a7dbf4d805e49babd0a83e4c9e751dbb2ef3486d8748cf5116
imgbased-1.2.19-1.el8ev.noarch.rpm	SHA-256: 7dc0f1f914b4e18f590e1166a13da3e6e2e084d6c880428d42403f344e74c512
ovirt-hosted-engine-ha-2.4.7-1.el8ev.noarch.rpm	SHA-256: d63a3809cb6296627bb1acc70fb3c89d093a23edbb3ec1f0512d6eb175ff0f2e
python3-imgbased-1.2.19-1.el8ev.noarch.rpm	SHA-256: 70afa72a2082ea4b239d4c5a4d151baa584498b1db484b482f9c2eacae4d8c88
redhat-release-virtualization-host-4.4.6-1.el8ev.x86_64.rpm	SHA-256: 396aea7f8506999fcff17efae834cad9a02822a61638aa9ef3367b4fe7658664
redhat-virtualization-host-image-update-placeholder-4.4.6-1.el8ev.noarch.rpm	SHA-256: ae45a7d47f90fdfcec6283f98f1246e7e012a1702b73997dbd343468358c7149
scap-security-guide-rhv-0.1.54-1.el8ev.noarch.rpm	SHA-256: 77561ede09cc9b7139472f4aff41913c06105259081b79ee157034e75709b4e9

Red Hat Virtualization Host 4 for RHEL 8

SRPM
redhat-virtualization-host-4.4.6-20210527.3.el8_4.src.rpm	SHA-256: d280e9dd4ac0d0d7ca6aaaeb75bd1f43774bda30a23db943500959202a622f3c
x86_64
elfutils-debuginfo-0.182-3.el8.x86_64.rpm	SHA-256: 19781113b12ca59e4f9275095251751d8ba088a41adc71fbe8a2c84340bedf56
elfutils-debuginfod-client-0.182-3.el8.x86_64.rpm	SHA-256: 13e921e308e602b3527a93dacf0fc9bcada110e9dd3fdc1a338b3fd708b85aac
elfutils-debuginfod-client-debuginfo-0.182-3.el8.x86_64.rpm	SHA-256: c221a029b0c4b86891d2d04b40f73b6b9e7b0140c537b57a1d1fab132555408a
elfutils-debuginfod-debuginfo-0.182-3.el8.x86_64.rpm	SHA-256: 2108a19d287b395973382fd365ff3acbdbc2c75f8cf9a4c3eda2c0f4ce6e0653
elfutils-debugsource-0.182-3.el8.x86_64.rpm	SHA-256: f40786b8f68e8928fcf82027cb45fe3a41362cde9f265b44df6e4d266b90f60c
elfutils-libelf-debuginfo-0.182-3.el8.x86_64.rpm	SHA-256: c740d81b2da78611ad24e0a4bc336fdfa2c995de81bb3afe46d1b1f764fbc7f7
elfutils-libs-debuginfo-0.182-3.el8.x86_64.rpm	SHA-256: 4236cce00d0181e079bfc1e393667e72aa783d7fd50a54ef2a3c556ce3e6b153
redhat-virtualization-host-image-update-4.4.6-20210527.3.el8_4.x86_64.rpm	SHA-256: f7956d8e25667f3864e048e73784fc1618cd0e2c64a19dee069760d8b7a4056f

Red Hat Virtualization for IBM Power LE 4 for RHEL 8

SRPM
ovirt-hosted-engine-ha-2.4.7-1.el8ev.src.rpm	SHA-256: f79cba60e7b97eead5f40b0b76a81793a99e02a2add478c44601b2c3b886279b
ppc64le

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation