Issued:: 2022-05-18
Updated:: 2022-05-18

RHSA-2022:4667 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: OpenShift Virtualization 4.10.1 RPMs security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.10.1 RPMs.

Security Fix(es):

prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

4.10.1 rpms (BZ#2065755)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Container Native Virtualization 4.10 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.10 for RHEL 7 x86_64

Fixes

BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
BZ - 2065755 - 4.10.1 rpms

CVEs

CVE-2022-21698

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Container Native Virtualization 4.10 for RHEL 8

SRPM
kubevirt-4.10.1-489.el8.src.rpm	SHA-256: 80c01a3b14945cc36b4be98af0ce90cc76f03c9413be0d723e1c9f621d04ab10
x86_64
kubevirt-virtctl-4.10.1-489.el8.x86_64.rpm	SHA-256: d55fa5cb1bea1d4b506a647befafdfc327b49c99d47f3e99ec3246cd529d05eb
kubevirt-virtctl-redistributable-4.10.1-489.el8.x86_64.rpm	SHA-256: f463dbce90f505b6546cf21680415dd268a0c43b25aafd3eefe0037d6afce2f9

Red Hat Container Native Virtualization 4.10 for RHEL 7

SRPM
kubevirt-4.10.1-489.el7.src.rpm	SHA-256: 0bf3a86893a7405937b2152696c7c09b2935bd031111a75a7531396a18334d09
x86_64
kubevirt-virtctl-4.10.1-489.el7.x86_64.rpm	SHA-256: bec7ad1a5d673c543b528239a9c845998c16452c8f4d87b512292ab2bcca60ce
kubevirt-virtctl-redistributable-4.10.1-489.el7.x86_64.rpm	SHA-256: d3340ee2860bda1bfc79024567aef37158f9f4f8ff8e71185f541c4ca94c6f0c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation