Issued:: 2023-08-01
Updated:: 2023-08-01

RHSA-2023:4421 - Security Advisory

Overview
Updated Images

Synopsis

Important: OpenShift Virtualization 4.12.5 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Virtualization release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.12.5 images.

Security Fix(es):

openshift: OCP & FIPS mode (CVE-2023-3089)
golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

[4.12] must-gather doesn't collect ruletebles (BZ#2208641)
nft rules are not collected if the VMs are running in the node where must-gather is running (BZ#2214454)
[cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass (BZ#2217913)
USB-redirection regression (BZ#2221222)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Container Native Virtualization 4.12 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.12 for RHEL 7 x86_64

Fixes

BZ - 2027959 - [RFE] virt-launcher pod of Windows VM stuck in terminating state, no button in the UI to force power off
BZ - 2182056 - Cloned VM should not use the same PVC of the source VM
BZ - 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
BZ - 2208641 - [4.12] must-gather doesn't collect ruletebles
BZ - 2209318 - [4.12.z] VM connected to a VLAN is also receiving packets from VLAN 1
BZ - 2209848 - OpenShift Virtualization Overview page shows no metrics for "All Projects"
BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
BZ - 2214454 - nft rules are not collected if the VMs are running in the node where must-gather is running
BZ - 2216447 - must-gather: Multiple empty files under vms/<vm-name> if the VM was live migrated
BZ - 2216449 - must-gather is using unavailable brctl command
BZ - 2217913 - [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass
BZ - 2220843 - [4.12]Missing StorageProfile defaults for IBM and AWS EFS CSI provisioners
BZ - 2221222 - USB-redirection regression
BZ - 2222011 - [4.12]DataImportCron Garbage Collection can mistakenly delete latest PVC

CVEs

References

x86_64

container-native-virtualization/bridge-marker@sha256:a02ee77372f00b27846a0c6deffac66e0668d7813e5f098e59ff3c5f78537ef3

container-native-virtualization/cluster-network-addons-operator@sha256:1f751fc283f4eb594dd24460b90940e3d6e1a0f8e8bbb4ea15b0256fc848583d

container-native-virtualization/cnv-containernetworking-plugins@sha256:66cc9726f789717c9951f2791aefd51f500fad5eb0c6a23d08e9b2bab1f18b8a

container-native-virtualization/cnv-must-gather-rhel8@sha256:34f9bf00d59822c9412082e3f2ba68ea1eeae77f150b543a3708b4510c6c675e

container-native-virtualization/hco-bundle-registry@sha256:fdbd8e15ed4c3893bec71866c5bf37caca1e4cb9c021c77e72b48d28a7357215

container-native-virtualization/hostpath-csi-driver@sha256:1f9d10182a5ba15b921eb09acbbd55646fbe3f40ac134f43d282be6416acabe5

container-native-virtualization/hostpath-provisioner-rhel8@sha256:83874adef85863588975c65ef95aa75ef8a7af1cceab9055c619d50d4da26652

container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:f082d07f0cf9f8163118975603febe0979c112891008a4b74c9d66a4ef2d84a4

container-native-virtualization/hyperconverged-cluster-operator@sha256:9216dcd92910ff2ff80400a821ece03d1afefa94d0a654ad6d9fcb74ea16f51a

container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:9709ecd32bd81bf4c19d1ad69cbfde7c9777b7eed3b3f02ef992a9320f195d04

container-native-virtualization/kubemacpool@sha256:095bcfb80af438568a4d2c393d2ab92b0e6f6df782b05255668cc74078dcf7cb

container-native-virtualization/kubevirt-console-plugin@sha256:dd5fd3ae594c809bbafd1bac216a66181c1df830a437aae67754e8e31b628759

container-native-virtualization/kubevirt-ssp-operator@sha256:3abb2f27ec40057c57fa5033e85d4526980ece6f9da4482e0c48bd6c6a9fa5f4

container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:38168a4e9f3fda1822f53bb0043672dc5aada1668308c326f98de89a51c68ef9

container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b81ca97734c4a3a46805d95e88346c0d54e5e89e3638de80bc6b89cfd847b0fe

container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:51ae5c8256adccda6e0cb8bbdcd540f3d8d613c42382c31dfdf7782665344ea6

container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:21a3d11e32961f3aabec9b3fdb25e57d3f003967fef75b705d59a3a0bce3d98b

container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:e0478361a5a04266317228b67920af7f15b4870bc34bd79f30e47935979a3e02

container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:c777f0013dc0e370278889c6ac304a39bcd2c2787defd8f4b1b39266a7ab4457

container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:cd460395a513a6046bc42985d41019f552cbce7d6c74fef5ee0118b63ba06de5

container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7eab7f2b7b31bf439756d43c5c5e684a2e7b4a115b07a53bb9e12276b69f1efe

container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:8a7c02ab82cc707403382ea9f5a777822809a52e5f1b70fb7a896c005c955acc

container-native-virtualization/kubevirt-template-validator@sha256:b249b2ca3363fc76e8b7e7f2f76bf2bad971312e4b126aa951a4efbf551f4e6a

container-native-virtualization/libguestfs-tools@sha256:0951a7b40987bd4f3b0069cecb699b9f22eaee89bfacf268b3fff5fd806b76bc

container-native-virtualization/ovs-cni-marker@sha256:48da54894b425c570bcb171cb68469f8d3819a341f147eb788606bd92b7fab3d

container-native-virtualization/ovs-cni-plugin@sha256:9ba33511da257af1e061d53f58355fdc6a320bf82e9eb28f7b04b92a03da7d89

container-native-virtualization/virt-api@sha256:0aa7e3348376ce3906bc2262f1e6d33ab9ba854b00bc1bdad71aedba08d86294

container-native-virtualization/virt-artifacts-server@sha256:40c36b29faee798fe21a86219f07126062759659be634a205fb29f81e78a65a9

container-native-virtualization/virt-cdi-apiserver@sha256:5c93c9c7395fcc7c3abed1cfbd52a8cd3d8b062dcca5e99e1d54c18fea3dcda7

container-native-virtualization/virt-cdi-cloner@sha256:e840794e84607522f4510de7453d18882661434d799c9c2a5353541b780d7a0e

container-native-virtualization/virt-cdi-controller@sha256:580139bea521faa20d058d7e2d99cccbed418620deb55db8bcac9deb64cea28e

container-native-virtualization/virt-cdi-importer@sha256:2ae56702f3e95aa7e3c3ac03241476c443680a82654a93da70966038dbb16078

container-native-virtualization/virt-cdi-operator@sha256:64a30825bd4eb360a7cfacf0e02dea122d18a49d1bad30adc4fcb70a603b1b0c

container-native-virtualization/virt-cdi-uploadproxy@sha256:8d8f08c69d92fdcaca063129ea75d9870c23c7cf623ded374efdf3e77426ee76

container-native-virtualization/virt-cdi-uploadserver@sha256:b0df4cff91359053d81611772aea1d08577adae05e1b851f93c90982cf7ce6a2

container-native-virtualization/virt-controller@sha256:1c94d5fb1bf893ded2c8bb98406376d95c6a213bfe5bc813759431d1ca2ac49c

container-native-virtualization/virt-exportproxy@sha256:a589d67ed1bfe270b8e9f14e9a9317efc138c394bdd72213b9db31d6fd2f8726

container-native-virtualization/virt-exportserver@sha256:1ba0d1c71f228cb1f230a6b6b321d5df75cfbe43a3e95fecec67d072f6669020

container-native-virtualization/virt-handler@sha256:8d9f3c4e18db13d6c14360731402967cd44234440519f12d77b10262c301d720

container-native-virtualization/virt-launcher@sha256:d257e445062ec6e4f3aa96211b72f856a2a9fb0c188ee8e2808dad45301dd670

container-native-virtualization/virt-operator@sha256:0aea50dcab730327fa93e87491896082d0a021753cb28eaf8d59e14ae2515698

container-native-virtualization/virtio-win@sha256:55775029b35fe1a37bf32d46f860d2cb5b5bf067f146c181ad53406524ad7e61

container-native-virtualization/vm-network-latency-checkup@sha256:7c0727bcfcd9f46170a41bdceedb6bc798fe93203be1ab77f2873e8f15cdf330

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation