Issued:: 2021-12-02
Updated:: 2021-12-02

RHSA-2021:4910 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: OpenShift Virtualization 4.8.3 RPMs security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Virtualization release 4.8.3 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.8.3 RPMs.

Security Fix(es):

golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Container Native Virtualization 4.8 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.8 for RHEL 7 x86_64

Fixes

BZ - 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
BZ - 2007344 - 4.8.3 rpms

CVEs

CVE-2021-29923

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Container Native Virtualization 4.8 for RHEL 8

SRPM
kubevirt-4.8.3-251.el8.src.rpm	SHA-256: 332599b55f46f892f534a9043f7000d71e8d398a42aa38416842bbec6bb8c01d
x86_64
kubevirt-virtctl-4.8.3-251.el8.x86_64.rpm	SHA-256: 2cad2f74dbf89d88c4dcf829b876758a01db6187ccc8edec7a7480678dd517f8
kubevirt-virtctl-redistributable-4.8.3-251.el8.x86_64.rpm	SHA-256: 75742cc1c47f574d5e9f0bf9f52d377aef5f22490f9c69b6be5d779e60420a2b

Red Hat Container Native Virtualization 4.8 for RHEL 7

SRPM
kubevirt-4.8.3-251.el7.src.rpm	SHA-256: e458cd0f8fe668e646fb6ed71bed6a9f3eb4af1e7f72fae4c98175c13c11f9b5
x86_64
kubevirt-virtctl-4.8.3-251.el7.x86_64.rpm	SHA-256: 0774010d2e04355effe516a46ab9666757564f14dec8299e90f2d97f98f697af
kubevirt-virtctl-redistributable-4.8.3-251.el7.x86_64.rpm	SHA-256: 6f596f5cb0cc8402cfcf4da32ba4fa6b9e798f26417f6b1c825b5f4c3f556422

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation