Red Hat Product Errata RHSA-2021:2736 - Security Advisory
Issued: 2021-07-22
Updated: 2021-07-22

Synopsis

Important: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7]

Type/Severity

Security Advisory: Important

Topic

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

  • kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
  • systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910)
  • kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
  • ansible: multiple modules expose secured values (CVE-2021-3447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • The redhat-release-virtualization-host package no longer requires vdsm-hooks. In this release, the installation of vdsm-hooks is not mandatory for the Red Hat Virtualization Host. (BZ#1976095)
  • Previously, rhsmcertd was not enabled by default on the Red Hat Virtualization Host. As a result, the systems did not regularly report to RHSM while the subscription-manager reported no obvious issues and repositories were properly enabled. In this release, rhsmcertd is enabled by default in RHVH, and as a result, RHSM now receives reports regularly. (BZ#1958145)
  • In this release, the Red Hat Virtualization Host has been rebased on top of the RHEL 8.4.0 Batch #1 update. For more information, see the RHEL release notes. (BZ#1957242)
  • Red Hat Virtualization Host now includes an updated scap-security-guide-rhv, which allows you to apply a PCI DSS security profile to the system during installation. (BZ#1883793)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization 4 for RHEL 8 x86_64
  • Red Hat Virtualization Host 4 for RHEL 8 x86_64

Fixes

  • BZ - 1883793 - [RFE] RHV installation with PCI DSS compliance
  • BZ - 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
  • BZ - 1955415 - RHVH 4.4: There are AVC denied errors in audit.log after upgrade
  • BZ - 1957242 - Rebase RHV-H 4.4.7 on RHEL 8.4.0.1
  • BZ - 1958145 - [RHVH 4.4.5] Need to enable rhsmcertd service on the host by default
  • BZ - 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
  • BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
  • BZ - 1970887 - CVE-2021-33910 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash
  • BZ - 1970970 - Rebase RHVH 4.4.6 host image with kernel fix for fnic issue
  • BZ - 1976005 - No swap on RHVH 4.4.6
  • BZ - 1976095 - redhat-release-virtualization-host-content shouldn't have hard dependency on vdsm hooks
  • BZ - 1976118 - Failed to enable unit: Unit file rdma.service does not exist in %post execution
  • BZ - 1976146 - Include fcoe-utils package into CDN: rhvh-4-for-rhel-8-x86_64-rpms
  • BZ - 1976148 - Include vhostmd package into CDN: rhvh-4-for-rhel-8-x86_64-rpms

CVEs

  • CVE-2021-3447
  • CVE-2021-32399
  • CVE-2021-33034
  • CVE-2021-33909
  • CVE-2021-33910

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

Note: More recent versions of these packages may be available.

Red Hat Virtualization 4 for RHEL 8

SRPM
imgbased-1.2.21-1.el8ev.src.rpm SHA-256: 9c034e100786659856ed094a35df2beaf9b31c140bb7013702f41e60ad63c945
redhat-release-virtualization-host-4.4.7-3.el8ev.src.rpm SHA-256: 5107edb5ed233047ad05c7f340d59d3accb4bea3ab29eb11bd1f9e28ea20785f
scap-security-guide-0.1.54-2.el8ev.src.rpm SHA-256: 01bbdc1179c23ff8a94fa38f2e6056546a0c0d93b3c90215ba5a9caf30f42898
x86_64
imgbased-1.2.21-1.el8ev.noarch.rpm SHA-256: 91884c35d0834d3b00f750252f0948e8e723f80ebd1c5e6d68383ff6c619b2f7
python3-imgbased-1.2.21-1.el8ev.noarch.rpm SHA-256: 2909b1466880056506ce639c96471f128499e9dc1485dcf40f983b783cc6a8ec
redhat-release-virtualization-host-4.4.7-3.el8ev.x86_64.rpm SHA-256: c0acb3d1b28d617482cfef5d9c2f0a8c4ac45a8d48e0af4eb02ba10929bf4861
redhat-virtualization-host-image-update-placeholder-4.4.7-3.el8ev.noarch.rpm SHA-256: 28ccd1c3f20cbe78da590ad2c7b657a85df3fc2c9a0c945d3ff9418fb654137a
scap-security-guide-rhv-0.1.54-2.el8ev.noarch.rpm SHA-256: 57c86a75ccd28b84d69645d69ca9b75738c5527d10c9a7bd0f32c1add416b10a

Red Hat Virtualization Host 4 for RHEL 8

SRPM
fcoe-utils-1.0.33-3.git848bcc6.el8.src.rpm SHA-256: 0df1c75a769488e346fabb726f60ae01e32b33c8250018249951d2aae41566f1
redhat-virtualization-host-4.4.7-20210715.1.el8_4.src.rpm SHA-256: f1840c680544df653ac455256214dcf0baa5b9406b76cd87e59398ed125536e4
vhostmd-1.1-5.el8.src.rpm SHA-256: a9e3ada3c37ed414fe1d25a9891a0d2fd6c159c9c2146901609b59533587d860
x86_64
fcoe-utils-1.0.33-3.git848bcc6.el8.x86_64.rpm SHA-256: cfa3fc199b542118bab84e47172eaa2d898448bc8d978356562c7f9ae140d23d
fcoe-utils-debuginfo-1.0.33-3.git848bcc6.el8.x86_64.rpm SHA-256: 324a3b99b3329bee6253c1688a4365134252d44c8fbd18cd4c54f159f57857c1
fcoe-utils-debugsource-1.0.33-3.git848bcc6.el8.x86_64.rpm SHA-256: 17368d3a6a7a32b40a8ee0141bc72a5720020e1d6b0b9a9b18f6f2f89d882a3d
redhat-virtualization-host-image-update-4.4.7-20210715.1.el8_4.x86_64.rpm SHA-256: f9562b4887b911839de50856d6b0f995ef9e41588a9ddcd63d3dae670a880b1d
vhostmd-1.1-5.el8.x86_64.rpm SHA-256: a55539a02cadc5e051ee443bb819836f3acf11072a5adb1e02e7de6331d73ceb
vhostmd-debuginfo-1.1-5.el8.x86_64.rpm SHA-256: 285dcd6a120dfd3ed146094fda10510e02dbc0d2f432f061a049ffadbf5dc6be
vhostmd-debugsource-1.1-5.el8.x86_64.rpm SHA-256: e7281c2d3ad65e28af78bf697fbf0126186b6e82b2649c9dcf9d2f1d3886dd44
vm-dump-metrics-1.1-5.el8.x86_64.rpm SHA-256: e69ab07bebf1ba7df0616c8de0a4ce74eafe66c6a851dbe285836dc591aab5cf
vm-dump-metrics-debuginfo-1.1-5.el8.x86_64.rpm SHA-256: 61744e238de36ec9026c0b9b5e718d5d3e55b18bb1636d05efedc800a692938c
vm-dump-metrics-devel-1.1-5.el8.x86_64.rpm SHA-256: 8ac215a78676274dc5fd08f401a335e51bb89d05e3cf951a51bfc26f6f98a387

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
