Red Hat Product Errata RHSA-2022:1263 - Security Advisory
Issued:
2022-04-07
Updated:
2022-04-07

RHSA-2022:1263 - Security Advisory

Synopsis

Important: RHV-H security update (redhat-virtualization-host) 4.3.22

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host.
These packages include redhat-release-virtualization-host. Red Hat
Virtualization Hosts (RHVH) are installed using a special build of Red Hat
Enterprise Linux with only the packages required to host virtual machines.
RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

  • kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
  • kernel: use-after-free in RDMA listen() (CVE-2021-4028)
  • kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
  • kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
  • aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
  • kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
  • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
  • kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
  • cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
  • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
  • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
  • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization Host 4 for RHEL 7 x86_64

Fixes

  • BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
  • BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
  • BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
  • BZ - 2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
  • BZ - 2041489 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
  • BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
  • BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
  • BZ - 2048409 - Rebase RHV-H 4.3 on RHEL 7.9 batch #13
  • BZ - 2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
  • BZ - 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
  • BZ - 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
  • BZ - 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
  • BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Red Hat Virtualization 4 for RHEL 7

SRPM
redhat-release-virtualization-host-4.3.22-1.el7ev.src.rpm SHA-256: 825c9b231a4224f513e2aea3c88d0bdaaa06d1839ec89c481e257cd99983ba03
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm SHA-256: 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60
redhat-virtualization-host-productimg-4.3.22-1.el7.src.rpm SHA-256: fbf8825b8e2dd34830eff8ebf2d9125d7f16430aa195fac14faf1a712da1a84b
x86_64
redhat-release-virtualization-host-4.3.22-1.el7ev.x86_64.rpm SHA-256: 8aa8920ea0896234be2944c66e228a37f63e5e61dc0fe9d1f85fcd8a03686465
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm SHA-256: 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37
redhat-virtualization-host-image-update-placeholder-4.3.22-1.el7ev.noarch.rpm SHA-256: 5caacbeb8a9c06747dfbc6c54e20aa58ba05fed21e257c0be431b9ae6eb10337
redhat-virtualization-host-productimg-4.3.22-1.el7.x86_64.rpm SHA-256: d127a7d2f6a448687efaba3c25f6073d23b7b4b71496d8805694e4acd7aa552a

Red Hat Virtualization Host 4 for RHEL 7

SRPM
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm SHA-256: 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60
x86_64
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm SHA-256: 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.