- Issued: 2022-04-07
- Updated: 2022-04-07
RHSA-2022:1263 - Security Advisory
Synopsis
Important: RHV-H security update (redhat-virtualization-host) 4.3.22
Type/Severity
Security Advisory: Important
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
- kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
- kernel: use-after-free in RDMA listen() (CVE-2021-4028)
- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
- kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
- aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
- kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
- cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
- expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
- expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
- expat: Integer overflow in storeRawNames() (CVE-2022-25315)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Virtualization 4 for RHEL 7 x86_64
- Red Hat Virtualization Host 4 for RHEL 7 x86_64
Fixes
- BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
- BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
- BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- BZ - 2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
- BZ - 2041489 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
- BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
- BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
- BZ - 2048409 - Rebase RHV-H 4.3 on RHEL 7.9 batch #13
- BZ - 2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
- BZ - 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
- BZ - 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- BZ - 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
CVEs
Red Hat Virtualization 4 for RHEL 7
SRPM | SHA-256
---|---
redhat-release-virtualization-host-4.3.22-1.el7ev.src.rpm | 825c9b231a4224f513e2aea3c88d0bdaaa06d1839ec89c481e257cd99983ba03
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm | 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60
redhat-virtualization-host-productimg-4.3.22-1.el7.src.rpm | fbf8825b8e2dd34830eff8ebf2d9125d7f16430aa195fac14faf1a712da1a84b

x86_64 | SHA-256
---|---
redhat-release-virtualization-host-4.3.22-1.el7ev.x86_64.rpm | 8aa8920ea0896234be2944c66e228a37f63e5e61dc0fe9d1f85fcd8a03686465
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm | 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37
redhat-virtualization-host-image-update-placeholder-4.3.22-1.el7ev.noarch.rpm | 5caacbeb8a9c06747dfbc6c54e20aa58ba05fed21e257c0be431b9ae6eb10337
redhat-virtualization-host-productimg-4.3.22-1.el7.x86_64.rpm | d127a7d2f6a448687efaba3c25f6073d23b7b4b71496d8805694e4acd7aa552a
Red Hat Virtualization Host 4 for RHEL 7
SRPM | SHA-256
---|---
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm | 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60

x86_64 | SHA-256
---|---
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm | 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37
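The package tables above are what an administrator checks a host against: is the installed redhat-virtualization-host-image-update at or beyond the fixed build, and does a downloaded RPM carry the listed SHA-256? The script below is an added example, not Red Hat's or RHV's own tooling. rpmvercmp() is a port of rpm's version-ordering rules (tilde, caret, numeric-versus-alphabetic segments) written for this example; the fixed version-release strings and digests are copied from the tables above; the 4.3.21 build string in the sample run is a constructed placeholder, and names such as is_fixed() and matches_advisory() are this example's own.

```python
"""Added example (not Red Hat's tooling): check a host against RHSA-2022:1263.
rpmvercmp() is a port of rpm's version-ordering algorithm; is_fixed() applies it to
'rpm -q' output, and matches_advisory() checks a downloaded RPM's SHA-256."""
import hashlib
import re

# Fixed version-release strings, copied from the advisory's package tables.
FIXED_VR = {
    "redhat-virtualization-host-image-update": "4.3.22-20220330.1.el7_9",
    "redhat-release-virtualization-host": "4.3.22-1.el7ev",
    "redhat-virtualization-host-productimg": "4.3.22-1.el7",
}
# SHA-256 digests copied from the advisory's x86_64 table.
ADVISORY_SHA256 = {
    "redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm":
        "0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37",
    "redhat-release-virtualization-host-4.3.22-1.el7ev.x86_64.rpm":
        "8aa8920ea0896234be2944c66e228a37f63e5e61dc0fe9d1f85fcd8a03686465",
}

def rpmvercmp(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b under rpm's version ordering."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Anything that is not alphanumeric, '~' or '^' is a separator and is skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if "~" in (ca, cb):  # '~' sorts before anything, even the end of the string
            if ca != cb:
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):  # '^' sorts after the end of the string, before anything else
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != cb:
                return 1 if cb == "^" else -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        # Both sides take a maximal run of the kind (digits or letters) that a starts with.
        pat = r"\d+" if ca.isdigit() else r"[^\W\d_]+"
        seg_a = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        seg_b = mb.group(0) if mb else ""
        i, j = i + len(seg_a), j + len(seg_b)
        if not seg_b:  # a numeric segment outranks an alphabetic one
            return 1 if ca.isdigit() else -1
        if ca.isdigit():  # numeric: after dropping leading zeros, the longer run is larger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:  # equal length: plain string comparison decides
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever side still has characters left is newer

def compare_evr(a, b):
    """Compare '[epoch:]version-release' strings the way rpm orders packages."""
    def split(evr):
        epoch, _, rest = evr.partition(":") if ":" in evr else ("0", "", evr)
        return (epoch,) + rest.partition("-")[::2]
    return next((r for r in map(rpmvercmp, split(a), split(b)) if r), 0)

def parse_nvra(nvra):
    """Split 'name-version-release.arch', as printed by 'rpm -q', into its parts."""
    name_ver, _, rel_arch = nvra.rpartition("-")
    name, _, version = name_ver.rpartition("-")
    release, _, arch = rel_arch.rpartition(".")
    return name, version, release, arch

def is_fixed(installed_nvra):
    """True if the installed package is at or above the advisory's fixed version-release."""
    name, version, release, _arch = parse_nvra(installed_nvra)
    if name not in FIXED_VR:
        raise KeyError("%s is not covered by RHSA-2022:1263" % name)
    return compare_evr(version + "-" + release, FIXED_VR[name]) >= 0

def sha256_file(path):
    """Stream a file through SHA-256 and return its hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def matches_advisory(filename, digest):
    """True if a computed digest equals the advisory's SHA-256 for that RPM file name."""
    return digest.lower() == ADVISORY_SHA256[filename]

if __name__ == "__main__":  # constructed sample NVRA; its 4.3.21 build string is a placeholder
    print(is_fixed("redhat-virtualization-host-image-update-4.3.21-20220127.0.el7_9.noarch"))
```

Feed is_fixed() the output of `rpm -q redhat-virtualization-host-image-update` on the host, and matches_advisory() the file name and sha256_file() result of the RPM you downloaded; a string comparison of "4.3.22" against "4.3.9" would get the ordering wrong, which is why the rpm segment rules are implemented rather than relying on plain lexical comparison.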
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.