Red Hat Product Errata RHSA-2023:0859 - Security Advisory
Issued:
2023-02-21
Updated:
2023-02-21

RHSA-2023:0859 - Security Advisory

Synopsis

Important: Red Hat Virtualization Host 4.4.z SP 1 security update batch#4 (oVirt-4.5.3-4)

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

  • kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
  • libksba: integer overflow to code execution (CVE-2022-47629)
  • sudo: arbitrary file write with privileges of the RunAs user (CVE-2023-22809)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization 4 for RHEL 8 x86_64
  • Red Hat Virtualization Host 4 for RHEL 8 x86_64

Fixes

  • BZ - 2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access
  • BZ - 2161142 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user
  • BZ - 2161571 - CVE-2022-47629 libksba: integer overflow to code execution
  • BZ - 2169971 - Rebase RHV-H 4.4 SP1 on RHEL 8.6.0.6 EUS

Red Hat Virtualization 4 for RHEL 8

SRPM
redhat-release-virtualization-host-4.5.3-4.el8ev.src.rpm SHA-256: 128802421d831b147483ef5ffedce131a55e47d1d7a9754d1f710839a7149cae
x86_64
redhat-release-virtualization-host-4.5.3-4.el8ev.x86_64.rpm SHA-256: 5abe9a9fd1267aea64a7132886aa9ebe8723357890777d054d6ebe0c9a7b3799
redhat-release-virtualization-host-content-4.5.3-4.el8ev.x86_64.rpm SHA-256: 470442f67b1ae0d5ca01f0fed34b8a2be36fb22b4078fe691db531b5eea4074a
redhat-virtualization-host-image-update-placeholder-4.5.3-4.el8ev.noarch.rpm SHA-256: 6a61a758d67de63439f170a4e296d100c0aed1fa29a09c6ae893e3c53adf8e8c

Red Hat Virtualization Host 4 for RHEL 8

SRPM
redhat-virtualization-host-4.5.3-202302150956_8.6.src.rpm SHA-256: b38e49c79159ebe5d4c637cba5b06f69017cdec955a9074bae70e0a2f167f3ae
x86_64
redhat-virtualization-host-image-update-4.5.3-202302150956_8.6.x86_64.rpm SHA-256: 1d0194a4a038d9ff504578f15bdee70410da72a564c6eb35dcd645c88a9b11d3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.