RHSA-2023:6817 - Security Advisory

Topic

Red Hat OpenShift Virtualization release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.14.0 images.

Security Fix(es):

• golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
• HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
• mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
• golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
• golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
• containerd: OCI image importer memory exhaustion (CVE-2023-25153)
• containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Container Native Virtualization 4.14 for RHEL 9 x86_64
• Red Hat Container Native Virtualization for ARM 64 4.14 for RHEL 9 aarch64

Fixes

• BZ - 1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
• BZ - 2017623 - VLAN Interface setup with nncp Failed to find a compatible device for this connection cnv 4.8.2 - NMState 1.0.2 - NM 1.30.0
• BZ - 2027959 - [RFE] virt-launcher pod of Windows VM stuck in terminating state, no button in the UI to force power off
• BZ - 2036027 - CNV 4.9.1|VMs deployments are failing due to webhook context deadline timout
• BZ - 2054863 - Consistency in naming mediatedDevicesTypes and nodemediatedDeviceTypes
• BZ - 2064160 - "failed to sync guest time" log spam in destination virt-launcher pod during VM live migration
• BZ - 2070033 - mismatch of virt-handler daemonset state and pods state after making master schedulable and unschedulable
• BZ - 2089301 - Windows 11 can't run on clusters in FIPS mode
• BZ - 2092271 - CephFS-based VM status changes to "paused" after migration
• BZ - 2092412 - "VMCannotBeEvicted" Alert on SNO for VMs from Common Templates
• BZ - 2094734 - [RFE] The failure reason is not exposed on VM status if it's failed to import the disk image
• BZ - 2095221 - "migration finalized successfully" in target virt launcher pod before the VM migration completion
• BZ - 2132473 - Memory usage of virt-operator PODs increased after updating HCO
• BZ - 2135381 - Live migration of OpenShift Virtualization VMs with ODF (ceph storage) based disks is failing consistently
• BZ - 2145102 - Can't enter BIOS per vnc client for RHEL8 vm
• BZ - 2149913 - downwardMetrics (vhostmd) VirtProductInfo showing incorrect information
• BZ - 2151200 - Sysprep is missing in scripts tab for windows VM
• BZ - 2151237 - "404: Not Found" appears before the VMIM details is loaded
• BZ - 2151248 - SSP pods moving to CrashLoopBackOff state for long duration when tlssecurityProfile is changed often
• BZ - 2151826 - Change cloud-init's password has no effect
• BZ - 2154317 - SSPCommonTemplatesModificationReverted alert in firing state during cnv upgrade (4.11.2->4.12.0)
• BZ - 2156525 - VMExport: can't download a PVC that was created from DV on NFS (when there's no VM that owns this PVC) - the storage doesn't support fsGroup
• BZ - 2158550 - Error after renaming MigrationPolicy
• BZ - 2160622 - Migration info is logged in bytes and is not readable
• BZ - 2161184 - Target pod waits for "qemu-timeout" to cleanup after cancelling the VM live migration
• BZ - 2167660 - Trend charts are empty when looking at ?All projects?
• BZ - 2168749 - Rename of Network Interface duplicates it, breaks VM start
• BZ - 2169361 - Mismatch of golang version in downstream virtctl builds
• BZ - 2170437 - kubevirt-dpdk-checkup affinity not set to prefer the objects to run on different nodes
• BZ - 2170699 - Tekton: pipelineref windows10-customize should provide parameter for dv name
• BZ - 2172390 - Enable CPU and Memory editing in the side drawer when creating a VM from a template
• BZ - 2172544 - empty libvirt metrics output, when executing metrics Prometheus query on a vm that is paused status
• BZ - 2172945 - Hamburger button in "Review and create VirtualMachine" Disks sometime disappear
• BZ - 2173525 - Boot order - Need to differentiate between disks and network
• BZ - 2174289 - "Cancel" button on instanceType should exit the flow instead of clearing data
• BZ - 2174473 - CVE-2023-25153 containerd: OCI image importer memory exhaustion
• BZ - 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
• BZ - 2174744 - The filter items on instanceType page is not horizontal aligned
• BZ - 2174859 - Need Root FeatureGate configurable via HCO CR
• BZ - 2174892 - GUI should set VM memory to guest memory instead of memory requests
• BZ - 2175651 - "No NetworkAttachmentDefinitions available" should not show when editing pod networking
• BZ - 2175990 - Improve the default instanceType dialog
• BZ - 2176216 - VMs are listed twice in cluster inventory
• BZ - 2176727 - Add ip address field to IP configuration in NNCP create form
• BZ - 2176745 - [RFE] Source available? badges are not aligned
• BZ - 2176746 - Not able to distinguish templates in catalog list view
• BZ - 2176756 - [RFE] Use boolean button to enable/disable single feature
• BZ - 2176797 - Make "YAML" button consistent with other pages
• BZ - 2177279 - windows-efi-installer fails for en-us_windows_11_business_editions_version_22h2_x64_dvd_17a08ce3.iso
• BZ - 2177969 - Tekton pipelines fails during retriving of tasks
• BZ - 2177977 - The volume in instanceTypes page should be selected automatically just after it's been added
• BZ - 2178349 - Documentation is missing steps on how to update windows drivers
• BZ - 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
• BZ - 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
• BZ - 2179660 - [HCO] Metric names fail in metrics name linter
• BZ - 2179917 - No "Pending Changes" when changes are made to VM created from instanceType
• BZ - 2180664 - Console is almost frozen if scroll down and up in VM metrics tab
• BZ - 2180666 - PVC size is not readable while selecting "PVC (creates PVC)" in disk modal
• BZ - 2180719 - "Copy SSH command" get undefined user
• BZ - 2180790 - [RFE] Add "inspect" button to open the metrics query in virtualization metrics pages
• BZ - 2180931 - Improve displaying long description text in Description columns
• BZ - 2181323 - InstanceType label missing in DataSource/bootable volume if Size not chosen in Add modal
• BZ - 2181432 - [Nonpriv] VM Memory does not show in details card of overview or details tab
• BZ - 2181515 - spec.firmware.bootloader is not copied while cloning a UEFI VM
• BZ - 2181920 - SecureBoot is always enabled for UEFI VMs
• BZ - 2182000 - VM metrics graphs are render incorrectly
• BZ - 2182056 - Cloned VM should not use the same PVC of the source VM
• BZ - 2182172 - Cannot add ssh key to existing VM in the GUI
• BZ - 2182233 - VM cannot be scheduled due to the secret name exceeds 63 characters
• BZ - 2182317 - Restore VM's pretty names
• BZ - 2182362 - Cannot edit Dedicated resources if the VM is created from instanceType
• BZ - 2182938 - Cannot clone VM to other namespace if the VM is created from instanceType
• BZ - 2183076 - Adjust configuration inner tabs appearance
• BZ - 2183082 - Adjust diagnotic tab apperance
• BZ - 2183491 - Incorrect padding in Add volume modal if PVC name too long
• BZ - 2183659 - Global permission [*] is seen in openshift-virtualization csv file for both cdi-operator and hostpath-provisioner-operator
• BZ - 2183915 - "No data available" shows on Virtualization overview metrics chart
• BZ - 2183979 - Console tab should be disabled only for VNC console in headless mode
• BZ - 2183995 - tekton pipeline for windows 2k22 with server template is stuck due to product key error
• BZ - 2184058 - 'Add network interface' button twice in VM's Network interfaces tab
• BZ - 2184063 - Titles in VM Diagnostic tab too big
• BZ - 2184098 - size error add volume modal
• BZ - 2184860 - NodeSelector for tsc frequency does not tolerate small TSC variations
• BZ - 2185076 - delays injecting PIT timer interrupt with OpenShift
• BZ - 2186462 - non-privileged user cannot add new nic
• BZ - 2186592 - Titles in VMI Disks tab too big
• BZ - 2186763 - The storageclass option is not respected in add volume modal for "Use existing volume"
• BZ - 2187242 - The popover usage of VM overview utilization is not readable
• BZ - 2187524 - cnv storage components are missing required metadata.labels
• BZ - 2187664 - No secret found while attaching existing secret to a template
• BZ - 2187971 - "Add disk -> Upload" not work for template
• BZ - 2188010 - Change "Diagnostic" tab label
• BZ - 2188144 - Custom SELinux policy for virt_launcher still present on CNV with DisableCustomSELinuxPolicy feature gate enabled
• BZ - 2188226 - UI display resource request from instanceType instead of controllerRevision
• BZ - 2188244 - [DPDK Checkup] Teardown does not happen on setup failure
• BZ - 2188502 - Move SSH section to VM details on instancetype page
• BZ - 2188886 - It looks something keeps in loading while detach an environment disk
• BZ - 2189272 - Remove InstanceTypes tab unless it is disabled by default
• BZ - 2189312 - Missing titles in Templates tabs
• BZ - 2189744 - VM created from CD source registry cannot be started due to InvalidImageName
• BZ - 2190171 - lun can not be used with DVs
• BZ - 2190438 - VM - Actions - Copy SSH command misses user name
• BZ - 2190448 - Resume and pause button should not be enabled on a stopped VM
• BZ - 2192577 - Console errors while using a template without "parameters"
• BZ - 2193116 - Overview => settings -> "Live migration network" is empty when there is no nad network
• BZ - 2193234 - [DPDK checkup] Node selection from ConfigMap not applied
• BZ - 2193266 - Openshift Virtualization does not validate cluster network is single-stack IPv6 and fails with cryptic error
• BZ - 2193333 - Service created using virtctl expose vmi doesn't works if the VM is migrated
• BZ - 2196161 - Broken Bootable Columns - Layout issues
• BZ - 2196429 - initial-job-dataimportcron pod ignores pod placement configuration
• BZ - 2196459 - [DPDK checkup] Pods are scheduled on reserved instead of isolated CPUs
• BZ - 2196762 - Catalog -> Template project list is not sorted
• BZ - 2196765 - Project list in clone modal is not sorted
• BZ - 2196912 - Missing and confusing help texts for CPU number calculations
• BZ - 2203291 - kubevirt should allow runtimeclass to be configured in a pod
• BZ - 2207468 - An error occurred while cloning a VM
• BZ - 2207916 - Change "Save" to "Select" in the ?Show all? modal
• BZ - 2209046 - kubevirt_vmi_cpu_affinity metric is enriched with an excessive amount of labels
• BZ - 2210070 - During draining node non-migratable VM may block other VMs from being migrated for a long time
• BZ - 2210554 - KubeVirtComponentExceedsRequestedCPU alert not firing
• BZ - 2210988 - Incorrect alert description for the alert KubevirtVmHighMemoryUsage
• BZ - 2211057 - Templates Catalog shows Default Templates incorrectly
• BZ - 2211168 - VM configuration tab crashes
• BZ - 2211512 - kubevirt_vmi_phase_count metrics is not working in 4.14.0
• BZ - 2212289 - evictionStrategy by default should be set as "None" in HCO CR in a SNO setup
• BZ - 2212312 - [4.14] virtctl memory dump download doesn't work
• BZ - 2212496 - For prometheus-rules-cluster-network-addons-operator prometheusrule, runbook url for some of the networking alerts are pointing to upstream links
• BZ - 2212498 - prometheusrule prometheus-k8s-rules-cnv, has missing runbook url for alert DeprecatedRHEL6Vm
• BZ - 2213255 - HPP wrongly reporting Available status
• BZ - 2214120 - Feature highlights in CNV 4.13 contains links to 4.10
• BZ - 2215285 - SSP resets datasource reference to initial state
• BZ - 2215756 - Failed kubevirt-plugin
• BZ - 2216330 - virctl binaries has been renamed for both arm and amd, this would break all tests that expects the binary to be virtctl
• BZ - 2216447 - must-gather: Multiple empty files under vms/<vm-name> if the VM was live migrated
• BZ - 2216449 - must-gather is using unavailable brctl command
• BZ - 2216774 - [RFE] HCO should remove option to run VMs as root
• BZ - 2217472 - VM is not catching machine type from Kubevirt
• BZ - 2217848 - tekton: ssp reconcile didn't happen correctly when tekton featuregate is enabled
• BZ - 2217870 - "virtctl ssh" and NodePort ssh commands in UI do not work without '-i' flag
• BZ - 2217920 - [hot-plug bridged interfaces] MAC address of hot-plugged interface is not taken from KubeMacPool range
• BZ - 2217956 - volumeclonesources.cdi.kubevirt.io, volumeimportsources.cdi.kubevirt.io and volumeuploadsources.cdi.kubevirt.io are not part of system:cluster-readers
• BZ - 2218468 - [CDI] Metrics names failed promlint linter
• BZ - 2219144 - [CNAO] Metrics names failed promlint linter
• BZ - 2219763 - [SSP] Metrics names don't follow naming conventions
• BZ - 2219785 - With cluster-level evictionStrategy:LiveMigrate set in HCO CR certain VMs would fail to restart and get stuck during node drain
• BZ - 2219800 - PreferredStorageClassName - PVC required
• BZ - 2221461 - virtctl image-upload fails for WFFC storage?with Populators
• BZ - 2221492 - [hot-plug bridged interfaces] Removed (absent) interfaces should be cleared from VM spec
• BZ - 2221801 - Unable to set autoCPULimitNamespaceLabelSelector via HCO CR
• BZ - 2221921 - Bootable volumes page - title mismatch
• BZ - 2221929 - Fix "templates project" section in Overview > Settings > Cluster
• BZ - 2221934 - Fix text of Overview > Settings > Cluster > LoadBalancer
• BZ - 2222008 - Cloned VM using PVC of another VM can cause data corruption
• BZ - 2222185 - Fix inconsistent button text and menu for creating resources
• BZ - 2222290 - Fix "InstanceTypes" capitalization
• BZ - 2222451 - VMExport manifests: DV External population is incompatible with Source and SourceRef
• BZ - 2222607 - "Start this VirtualMachine after creation" suggests it can be clicked but it does not do anything
• BZ - 2223361 - PVCs prime are not cleaned up and stay in the 'Lost ' Phase
• BZ - 2223539 - Missing labels on VirtualMachineClusterInstancetype o1 series - cpu/memory
• BZ - 2223577 - Ceph CSI default clone strategy is not set to CSI clone
• BZ - 2223654 - VMI CPU metrics are counters not gauges
• BZ - 2223669 - HCO alerts names are too long
• BZ - 2223776 - global permission found for cluster-network-addons-operator in cnv csv.spec.install.spec.clusterPermissions
• BZ - 2223948 - PodSecurity violations messages found in virt-operator
• BZ - 2224104 - [hot-plug bridged interfaces] VM primary interface removed after reboot
• BZ - 2224203 - Clone VM is cloning from the VMs DV source and not from the VM PVC
• BZ - 2224353 - Create VM from template: Back/Next workflow does not persist storage setting
• BZ - 2224357 - "Review and create VM" title is misleading
• BZ - 2224828 - [HPP] Metric names fail in metrics name linter
• BZ - 2224990 - User is able to select incompatible network binding
• BZ - 2225116 - [4.14] VMExport: can't download a PVC that was created from DV on NFS (when there's no VM that owns this PVC) - the storage doesn't support fsGroup
• BZ - 2226764 - Deletion of DataImportCron PVCs does not result in re-creation of PVCs
• BZ - 2226982 - DataImportCron sourceDesiredDigest is not updated automatically
• BZ - 2227013 - It is difficult to understand why VM disk cloning reverts to the host-assisted method
• BZ - 2227059 - UI: VM from a cached snapshot is not running: DataVolume sourceRef not supported
• BZ - 2227066 - Recreation of the boot source images as cached snapshots may have issues
• BZ - 2227746 - CNV fails to build with usb-redirection package
• BZ - 2227957 - tekton pipelines leftovers after successful runs
• BZ - 2228036 - Virt-Launcher Pod Node Drain stuck when HCO evictionStrategy is set "None" and VM is not restarted
• BZ - 2228240 - VM with secondary interface can't start
• BZ - 2229704 - [ARM64] VMs stuck in starting state with error "domain configuration does not support video model 'virtio'"
• BZ - 2229903 - Mechanism to create configmaps under appropriate namespace based on tektonPipelinesNamespace & tektonTasksNamespace
• BZ - 2231839 - Importer pod's priority is not the same as the VM's PriorityClass, and not the same as the DV's PriorityClass
• BZ - 2233049 - Preferred value is not overwritten by value in VM spec
• BZ - 2233098 - Storage - pods randomly fail with segmentation violation in client-go/discovery/aggregated_discovery.go
• BZ - 2233811 - SSP - pods randomly fail with segmentation violation in client-go/discovery/aggregated_discovery.go
• BZ - 2235151 - [4.14] repeating reconcile error when no default storage class
• BZ - 2236060 - Upload a DV with WFFC SC via virtctl fails because PVC is pending
• BZ - 2236223 - Importer very slow to pull images, possibly mem throttled
• BZ - 2236344 - Unable to perform EUS to EUS upgrade between 4.12 and 4.14 with workloads
• BZ - 2236393 - Not able to select StorageClass if there is no default StorageClass defined in the cluster
• BZ - 2236487 - global permission found for mtq operator in cnv csv.spec.install.spec
• BZ - 2236545 - Template validator is broken for spec.domain.memory.guest value
• BZ - 2237288 - [4.14] portworx: update the storageProfile
• BZ - 2237916 - Pipelines failed when triggered with default namespace openshift-cnv
• BZ - 2238723 - [ARM] bridge-marker and kube-cni-linux-bridge-plugin pods are not available in ARM cluster
• BZ - 2239786 - HCO creates the MTQ CR on a single node cluster
• BZ - 2239915 - MTQ does not work with Auto CPU limits
• BZ - 2241327 - upgrade to CNV 4.14 stuck due to name of "MediatedDevicesTypes" 4.14 require to have MediatedDeviceTypes that does not exist in 4.13
• BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
• BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
• CNV-18977 - [2094734] [RFE] The failure reason is not exposed on VM status if it's failed to import the disk image
• CNV-23157 - [2151200] Sysprep is missing in scripts tab for windows VM
• CNV-23181 - [2151237] "404: Not Found" appears before the VMIM details is loaded
• CNV-23271 - [2151826] Change cloud-init's password has no effect
• CNV-23972 - [2158550] Error after renaming MigrationPolicy
• CNV-24889 - [2165895] Cannot SSH into VM over NodePort and Console's FQDN when using OVNKubernetes networking
• CNV-25126 - [2167660] Trend charts are empty when looking at ?All projects?
• CNV-25332 - [2168749] Rename of Network Interface duplicates it, breaks VM start
• CNV-26044 - [2172390] Enable CPU and Memory editing in the side drawer when creating a VM from a template
• CNV-26087 - [2172945] Hamburger button in "Review and create VirtualMachine" Disks sometime disappear
• CNV-26167 - [2173525] Boot order - Need to differentiate between disks and network
• CNV-26304 - [2174289] "Cancel" button on instanceType should exit the flow instead of clearing data
• CNV-26584 - [2175972] The PVC is not deleted along with the bootable volumes or dataSources
• CNV-26593 - [2175990] Improve the default instanceType dialog
• CNV-26637 - [2176216] VMs are listed twice in cluster inventory
• CNV-26708 - [2176727] Add ip address field to IP configuration in NNCP create form
• CNV-26710 - [2176745] [RFE] Source available? badges are not aligned
• CNV-26711 - [2176746] Not able to distinguish templates in catalog list view
• CNV-26715 - [2176756] [RFE] Use boolean button to enable/disable single feature
• CNV-26720 - [2176797] Make "YAML" button consistent with other pages
• CNV-27084 - [2179917] No "Pending Changes" when changes are made to VM created from instanceType
• CNV-27177 - [2180664] Console is almost frozen if scroll down and up in VM metrics tab
• CNV-27204 - [2180790] [RFE] Add "inspect" button to open the metrics query in virtualization metrics pages
• CNV-27215 - [2180931] Improve displaying long description text in Description columns
• CNV-27332 - [2181323] InstanceType label missing in DataSource/bootable volume if Size not chosen in Add modal
• CNV-27441 - [2181920] SecureBoot is always enabled for UEFI VMs
• CNV-27494 - [2182172] Cannot add ssh key to existing VM in the GUI
• CNV-27498 - [2182233] VM cannot be scheduled due to the secret name exceeds 63 characters
• CNV-27514 - [2182362] Cannot edit Dedicated resources if the VM is created from instanceType
• CNV-27601 - [2183076] Adjust configuration inner tabs appearance
• CNV-27602 - [2183082] Adjust diagnotic tab apperance
• CNV-27644 - [2183491] Incorrect padding in Add volume modal if PVC name too long
• CNV-27772 - [2183979] Console tab should be disabled only for VNC console in headless mode
• CNV-27807 - [2184063] Titles in VM Diagnostic tab too big
• CNV-27813 - [2184098] size error add volume modal
• CNV-27815 - [2184058] 'Add network interface' button twice in VM's Network interfaces tab
• CNV-28056 - [2186462] non-privileged user cannot add new nic
• CNV-28063 - [2186592] Titles in VMI Disks tab too big
• CNV-28079 - [2186763] The storageclass option is not respected in add volume modal for "Use existing volume"
• CNV-28140 - [2187242] The popover usage of VM overview utilization is not readable
• CNV-28206 - [2187664] No secret found while attaching existing secret to a template
• CNV-28231 - [2187971] "Add disk -> Upload" not work for template
• CNV-28234 - [2188010] Change "Diagnostic" tab label
• CNV-28248 - [2188226] UI display resource request from instanceType instead of controllerRevision
• CNV-28266 - [2188502] Move SSH section to VM details on instancetype page
• CNV-28304 - [2188886] It looks something keeps in loading while detach an environment disk
• CNV-28347 - [2189272] Remove InstanceTypes tab unless it is disabled by default
• CNV-28349 - [2189312] Missing titles in Templates tabs
• CNV-28367 - [2189744] VM created from CD source registry cannot be started due to InvalidImageName
• CNV-28437 - [2190438] VM - Actions - Copy SSH command misses user name
• CNV-28439 - [2190448] Resume and pause button should not be enabled on a stopped VM
• CNV-28503 - [2192577] Console errors while using a template without "parameters"
• CNV-28553 - [2193116] Overview => settings -> "Live migration network" is empty when there is no nad network
• CNV-28633 - [2196161] Broken Bootable Columns - Layout issues
• CNV-28637 - [2196171] Missing the "Apply optimized StorageProfile settings" component
• CNV-28756 - [2196762] Catalog -> Template project list is not sorted
• CNV-28757 - [2196765] Project list in clone modal is not sorted
• CNV-28776 - [2196912] Missing and confusing help texts for CPU number calculations
• CNV-28827 - [2204528] VM cannot be started due to error "ErrorPvcNotFound" when the VM is created from template with upload disk
• CNV-28828 - [2207468] An error occurred while cloning a VM
• CNV-28861 - [2207916] Change "Save" to "Select" in the ?Show all? modal
• CNV-29082 - "View alert" get "No Alert found" page
• CNV-29095 - [2209897] Cloud-init userdata is not parsed correctly if "userData" string is removed
• CNV-29281 - [2211057] Templates Catalog shows Default Templates incorrectly
• CNV-29295 - [2211168] VM configuration tab crashes
• CNV-29440 - [2207468] An error occurred while cloning a VM
• CNV-29725 - [2214120] Feature highlights in CNV 4.13 contains links to 4.10
• CNV-30327 - [2217870] "virtctl ssh" and NodePort ssh commands in UI do not work without '-i' flag
• CNV-30572 - The checkbox shouldn't be automatically checked when creating an SSH
• CNV-30574 - Fixing the behaviour on the Manage SSH keys
• CNV-30859 - [2221921] Bootable volumes page - title mismatch
• CNV-30861 - [2221929] Fix "templates project" section in Overview > Settings > Cluster
• CNV-30863 - [2221934] Fix text of Overview > Settings > Cluster > LoadBalancer
• CNV-30872 - [2222008] Cloned VM using PVC of another VM can cause data corruption
• CNV-30878 - [2222185] Fix inconsistent button text and menu for creating resources
• CNV-30889 - Edit popover text and add disable state with different help text to Dynamic injection
• CNV-30894 - [2222290] Fix "InstanceTypes" capitalization
• CNV-30896 - Authorized SSH key is added to VM automatically even no key is set in settings
• CNV-30901 - [2222607] "Start this VirtualMachine after creation" suggests it can be clicked but it does not do anything
• CNV-30959 - Manage columns on Bootable resources list does not work
• CNV-31119 - Failed to create windows VM when SSH key is configured in settings
• CNV-31184 - Add an option to filter DS and PVC in bootable volumes page
• CNV-31188 - [2224203] Clone VM is cloning from the VMs DV source and not from the VM PVC
• CNV-31216 - [2224353] Create VM from template: Back/Next workflow does not persist storage setting
• CNV-31218 - [2224357] "Review and create VM" title is misleading
• CNV-31299 - [2224990] User is able to select incompatible network binding
• CNV-31550 - Add an alert to disk modal for hot plugged disk
• CNV-31551 - Align the page of the source "Registy" with Upload/PVC in add volume modal
• CNV-31576 - VM status is not refreshed on VM list page
• CNV-31863 - Delete datasource on Bootable volumes list page leads to datasource list page
• CNV-32040 - ?vm is undefined? shows when creating VM from template with regular user
• CNV-32114 - Overview > Settings link path has hardcoded namespace in NIC modal
• CNV-32168 - Click the link in Overview -> "VirtualMachines per resource" leads to a crashed VM list
• CNV-32173 - Missing disk size option when creating disk from "Template default" disk source
• CNV-32369 - "Not available" shows in CPU | Memory
• CNV-32401 - [2234441] Fix SSH key label on InstanceTypes tab
• CNV-32447 - Updating useActiveNamespace import
• CNV-32467 - Disk modal is crashed if open it too quick
• CNV-32485 - Pending changes about "Eviction strategy" shows when creating a VM from template
• CNV-32498 - Hide the navigator "Instancetypes" and "Preferences" for regular user
• CNV-32520 - VM list is crashed sometimes
• CNV-32524 - Putting the text of titles on the same line on Catalog -> InstanceTypes
• CNV-32596 - Cannot create vm from template via customize wizard
• CNV-32601 - [2224203] Clone VM is cloning from the VMs DV source and not from the VM PVC
• CNV-32666 - VM cannot be started after adding 2nd nic
• CNV-32691 - [2236393] Not able to select StorageClass if there is no default StorageClass defined in the cluster
• CNV-32985 - [2238959] "O" overcommitted instanceType is shown
• CNV-33036 - Customize VM is prompting 'No boot source available' dialog
• CNV-33037 - Unprivileged user cannot see list of instancetypes
• CNV-33137 - Secondary network interface hot-plugged through UI is not presenting in VM after migrating
• CNV-33735 - Pending alert disappears very soon after adding network interface
• CNV-33762 - Cannot create centos8 and centos9 VM from instanceType
• CNV-34472 - VM list page is crashed when visit project "openshift-virtualization-os-images" for regular user
• CNV-34503 - VM list page is crashed when visit project "openshift-virtualization-os-images" for regular user

CVEs

• CVE-2021-20329
• CVE-2022-41724
• CVE-2022-41725
• CVE-2023-25153
• CVE-2023-25173
• CVE-2023-39325
• CVE-2023-44487

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-003