Issued:: 2023-06-06
Updated:: 2023-06-06

RHSA-2023:3491 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat Virtualization Host 4.4.z SP 1 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Security Fix(es):

kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023)
kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Red Hat Virtualization 4 for RHEL 8 x86_64
Red Hat Virtualization Host 4 for RHEL 8 x86_64

Fixes

BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
BZ - 2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability
BZ - 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
BZ - 2154362 - CVE-2022-38023 samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4 for RHEL 8

SRPM
redhat-release-virtualization-host-4.5.3-7.el8ev.src.rpm	SHA-256: 4ddb9ff8032f0582b38373a773d2b6e3155f63614a747ede8c01ad934a4f1748
x86_64
redhat-release-virtualization-host-4.5.3-7.el8ev.x86_64.rpm	SHA-256: f1af6e114212d94af9e9bda9d2770ec2cea1fd6419561d5e6d0f7ab8940221b8
redhat-release-virtualization-host-content-4.5.3-7.el8ev.x86_64.rpm	SHA-256: 5ce3f47b359480a1ea6c13215a0d2087a65a7004b6c6de75c5e3841724ec9c5a
redhat-virtualization-host-image-update-placeholder-4.5.3-7.el8ev.noarch.rpm	SHA-256: baafd9d6f9719cc2895d0b64003c8bb5704fb857b0c70fdaa718bbbf7f939db5

Red Hat Virtualization Host 4 for RHEL 8

SRPM
redhat-virtualization-host-4.5.3-202306050942_8.6.src.rpm	SHA-256: e63fd12f7bf8109cb7d27e4a1f3b43c4fe4d03995d3a12159f81c09b6f971af6
x86_64
redhat-virtualization-host-image-update-4.5.3-202306050942_8.6.x86_64.rpm	SHA-256: f88018ed8e74597806d53d19bdcc0f281566fcf87c7427f0f11f14c9b019d7fe

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation