- Issued:
- 2025-04-17
- Updated:
- 2025-04-17
RHSA-2025:3973 - Security Advisory
Synopsis
Important: OpenShift Virtualization 4.16.7 Images
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4.16.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Description
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.16.7 images.
kubevirt-ssp-operator-rhel9-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
kubevirt-tekton-tasks-create-datavolume-rhel9-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
kubevirt-tekton-tasks-disk-virt-customize-rhel9-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
kubevirt-template-validator-rhel9-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
vm-console-proxy-rhel9-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
kubevirt: net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Container Native Virtualization 4.16 for RHEL 9 x86_64
Fixes
- BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
- BZ - 2333122 - CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
- CNV-54615 - [cnv-4.16] [test_id:4135]should find VMI namespace on namespace label of the metric
- CNV-51123 - [4.16.4] Example prefernce in UI still points to instancetype.kubevirt.io/v1alpha2
- CNV-48884 - [v4.16.5] Update Windows-11 IT/Preferences to reflect TPM to be persistent:True
- CNV-48883 - [v4.16.5] Unable to express `spec.domain.firmware.bootloader.efi.persistent` with preferences
- CNV-56325 - VM snapshot tab cannot be loaded
- CNV-55568 - [4.16] size-detection pod is not always cleaned after it completes
- CNV-48157 - [UI] 4.15 virt-launcher pod intermittently 404 when navigating from VM page
- CNV-56920 - limit resource configuration is not applied to initcontainer for importer-prime pod.
- CNV-50785 - [4.16] VMStorageClassWarning alert should fire only for clusters with Win VMs
- CNV-48124 - [Tracker Bug] [cnv-4.16] VMs fail to start for larger vcpu counts (>=64)
- CNV-52035 - [4.16] Velero backup PartiallyFailed due to PVC' failing to be snapshoted
- CNV-56674 - Taking VM snapshot fails
- CNV-54971 - [4.16] Snapshot Creation Fails for Powered-Off VM with RerunOnFailure RunStrategy
CVEs
- CVE-2019-12900
- CVE-2020-11023
- CVE-2022-49043
- CVE-2023-52653
- CVE-2024-2236
- CVE-2024-5535
- CVE-2024-8176
- CVE-2024-9287
- CVE-2024-11187
- CVE-2024-12085
- CVE-2024-12797
- CVE-2024-23848
- CVE-2024-24791
- CVE-2024-26976
- CVE-2024-27010
- CVE-2024-27410
- CVE-2024-35810
- CVE-2024-35888
- CVE-2024-35925
- CVE-2024-45338
- CVE-2024-50264
- CVE-2024-52531
- CVE-2024-55549
- CVE-2024-56171
- CVE-2025-1244
- CVE-2025-22013
- CVE-2025-24928
- CVE-2025-26465
aarch64
| container-native-virtualization/aaq-controller-rhel9@sha256:3f0217cae34d4b16df943560d4520dde4fb60df41e410e21dee2ae869ec727ae |
| container-native-virtualization/aaq-operator-rhel9@sha256:a35aa1b21f5e6e793689e79d5b9499e8e951ac150f8e943d6052e898ff48aa5a |
| container-native-virtualization/aaq-server-rhel9@sha256:cc16a023bfbed7de21571a295aed483806450f9a30731588f409054181241610 |
| container-native-virtualization/bridge-marker-rhel9@sha256:609083c8900b4523ba95f939d52b5de182a7c99fda096129bb7fb4f707b032e9 |
| container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:cb95a365a1cd31899580ca98f150e24ba24b717ff972b526402031feb967f7e4 |
| container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:532e565290b766087d82fcc42712b925a5ce52fe6fa7f10a571c135d04837c26 |
| container-native-virtualization/cnv-must-gather-rhel9@sha256:a1a7498520a48efaf205314353183b6d11a686044f1f83b76f1a63baa1530497 |
| container-native-virtualization/hco-bundle-registry-rhel9@sha256:2a1c93a7ceaa473510f7c30ebd14d390118f07297b9a0d330b2ae4e72970a48a |
| container-native-virtualization/hostpath-csi-driver-rhel9@sha256:5b1f11354c7a1f3b793bd407e48ce994da6757693d8025e456b42682f1eebdb6 |
| container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:74e293534f946959b409aa5c070791bd50485661782ff3db77a4700686cffeb8 |
| container-native-virtualization/hostpath-provisioner-rhel9@sha256:03108466f4e8b9e099dc6403147351995bfd80b8dd79731ca4cc0634a746998a |
| container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:626396e60da1aba16b94d1776cd7c27fb3c852f601ef2eaf0b34310a0d8ba4e4 |
| container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:d02c0308eea8d7f31456ec008e45d2b372947d97e0f3e5a9e4975066efbd66f4 |
| container-native-virtualization/kubemacpool-rhel9@sha256:5dc4a96214f58ffab986f9c176b663995301925439e2c13497594863ac912a9d |
| container-native-virtualization/kubesecondarydns-rhel9@sha256:bbe868438feec94c0f1b1d19beed36ce43463f3eb857c571d4d8878ed63da849 |
| container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:72b4f376a889c4502bebe84887a21f8a6b1728cfb95552aca8810e4ffa5ea8fc |
| container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:5c61d9d8be370a0be9974c47a69162ac4f7eebfe0212b345fabc26702805ad91 |
| container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:5baac349e0aa409b705b535b0f28de34da34c8b6394d75d7e1f2d13b8510a41f |
| container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:91a382d49f095d4c9ad81f75170017aea8b3ad0f1dd221d39dec11b6b7537f4c |
| container-native-virtualization/kubevirt-realtime-checkup-rhel9@sha256:0f4f6b5076b2b4eb421936c9fd9451a3df8b58428a7cda63723fb1ffd43c3dec |
| container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:7ae29d47466ce974455ccd73908326c1e087674e7619c683e0a3b05c31d2afff |
| container-native-virtualization/kubevirt-storage-checkup-rhel9@sha256:0e6bd537934ad198b1b8c3346a6a44abdc5ac8062a6f239e1ce13cf4a875c092 |
| container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:da86c0cdeceb3f33ba8bf2fbb03cbc16145834514a5a63e68c17d33d6908902d |
| container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:423a9ea69ce87e7ab96d6ef4c9aa32e1cc42597058f9f82987fedf5f03fc3310 |
| container-native-virtualization/kubevirt-template-validator-rhel9@sha256:815622b54ebee4d31738431af86e27ff960974e1344e6fc4d537f24bff870731 |
| container-native-virtualization/libguestfs-tools-rhel9@sha256:ea9349926bc0415d8c092637a26bedd995293850b4a17c3bbac18d1bf1942d04 |
| container-native-virtualization/mtq-controller-rhel9@sha256:650af1da1619fbed40eb28c81dfcb04fccf64bf9a141544fa88627f17f017312 |
| container-native-virtualization/mtq-lock-server-rhel9@sha256:4e5c6fca8f2c35f7e1c85d9686ac70348f13c7f8b7b1dad6e55aee92a02eaa51 |
| container-native-virtualization/mtq-operator-rhel9@sha256:588ca925e639ad1662a73c45062bada9295d804ac62797fc91dc2e65e3de64ad |
| container-native-virtualization/multus-dynamic-networks-rhel9@sha256:837d81d3d80bd08e1bf5f8be6ded4393101b78efab4f8f94b5f3b558e5e57d20 |
| container-native-virtualization/ovs-cni-plugin-rhel9@sha256:88bcfa9c028cc43f244a447c0e51befec4696583a67cb46c47812cf2cba60d1d |
| container-native-virtualization/passt-network-binding-plugin-cni-rhel9@sha256:3935bdf750c89d22e2fda8fb1cc0d56418782d21926cdd2da74fbeb2608da591 |
| container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9@sha256:bf242f542536fa32506dadb19740de9670168afddc8be28fe7755b62b032510a |
| container-native-virtualization/pr-helper-rhel9@sha256:e3e9a3d50be4c5b7318702e14c40ccfc27538f8c15f0340911e1483b06802105 |
| container-native-virtualization/sidecar-shim-rhel9@sha256:f6e15534e4c7306ce8c98a00a3bbc122f632ecfed62415888a44986ec3dca2c0 |
| container-native-virtualization/virt-api-rhel9@sha256:e619df94c6b1736d92b8e33543f50b912cdd34c309384af18b08d58906d480b2 |
| container-native-virtualization/virt-artifacts-server-rhel9@sha256:11f239eb03e59df1f623d672434fa64954a5557f5b46a14114b10d5e06e41a11 |
| container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:efe6822bced3a98ad5bf7a8701d0ad66f4d4505fb31030a3a34eef94df8aa44f |
| container-native-virtualization/virt-cdi-cloner-rhel9@sha256:993d462295902644aee47694ab5d37562319154d765e36763911d5cc90d1e3f6 |
| container-native-virtualization/virt-cdi-controller-rhel9@sha256:5caff4ad4f86a3296a31e1bbf95575fa8a024e2ed9cd926a7179335e0000b8e2 |
| container-native-virtualization/virt-cdi-importer-rhel9@sha256:40801946d71d0a8ae84a0941f79652451d73fd289429330d5525aea27270e1c0 |
| container-native-virtualization/virt-cdi-operator-rhel9@sha256:1aaf27a1a9c821e828df877e74e8389656af23c5042db909bc9d96de8fa080e9 |
| container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:cd025ef9b5662cb2015ff03fecde277581a307ac900b474fceabd676cc0a97c9 |
| container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:5e128ddd25300ad50fe9a73cd4f7d35fcc71b81340cf70569558beb82606f0ec |
| container-native-virtualization/virt-controller-rhel9@sha256:b738394b4c2461601a0952d37caf6ccb6a5030ddb195b7f4f15f5fad036ad2cd |
| container-native-virtualization/virt-exportproxy-rhel9@sha256:f54b43e62bc09c095fc0ae656c838767693ea85b51d93d9e9120145cebe173c6 |
| container-native-virtualization/virt-exportserver-rhel9@sha256:f7c8a33a3bd7f75d2a5f67136fff96302b146f7fadc34ff5c3d57cd37db25148 |
| container-native-virtualization/virt-handler-rhel9@sha256:53719f692202f101eb043f21946fd2696230b273d93e66e3e4822240a561bd1a |
| container-native-virtualization/virt-launcher-rhel9@sha256:55c4f6cdbef294fb6ed55c7c3207c96d3558f6767e1d01ffca697999e6f06fdc |
| container-native-virtualization/virt-operator-rhel9@sha256:cdbe2e7ddd6fe695ddba8472121bb44706c673da9c24e1431564def7d784dd2c |
| container-native-virtualization/virtio-win-rhel9@sha256:d403f13a47fa9057172484122fa6468e2ae8be4aaf52a758033fea084f783fa3 |
| container-native-virtualization/vm-console-proxy-rhel9@sha256:286d2e9ac91992ef80e9445a5b0f140fb31bc096cc5517869a47309e21355ff7 |
| container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:4021b867817d2f8574e15046574bc649af20147f71b113df7901e8d7407d5242 |
| container-native-virtualization/wasp-agent-rhel9@sha256:bea6d4fd1ff0fbcfde5cddb0eab46f8ff55651496bc99f4d301000ed94d7baea |
x86_64
| container-native-virtualization/aaq-controller-rhel9@sha256:2fe1958c0a9c75f4056e3d0d40db40bbc0d1329b9d27ad1ef653e85b61703cc7 |
| container-native-virtualization/aaq-operator-rhel9@sha256:7ba4837979d4bd1e87ed5c14ceab58592dfb00938df6cb6dde552252a339c064 |
| container-native-virtualization/aaq-server-rhel9@sha256:622090a7dbba4f48417c2ebbd90a91e0d627a1bcfb14fc4f4321a96d1b8e2299 |
| container-native-virtualization/bridge-marker-rhel9@sha256:a5e2c8943582c7b162fbb1869054639c216867ca9299b6daf918cb2ceb80ff8b |
| container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:8be81317a62550832b4eb68aed1460620079b1cc5c0da4b981a01aed5810b2c3 |
| container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:506357bc4c539106aa90ba638231351a6d32848d099640bda19cec3993ea278f |
| container-native-virtualization/cnv-must-gather-rhel9@sha256:a573d94a7ecaf067e6c22348b540aa8712167d5a4a2f2810babd4c6859fc0282 |
| container-native-virtualization/hco-bundle-registry-rhel9@sha256:c654b470f8ca3c88f5f6f8045febb0bb652de5ec3a99ca4a513cbaefc7599c0a |
| container-native-virtualization/hostpath-csi-driver-rhel9@sha256:05b7df27a2de873642e6a2b48782ee16d6e5fbaa5aca1601dabbe7321fafbf07 |
| container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:5a1e8e17784b874d64b03b3459c717766d17982266483e93952e567ec4630ad3 |
| container-native-virtualization/hostpath-provisioner-rhel9@sha256:b577ae7ce09448e1889cb325d7e40e355a4e475b015f726b1404db0bdb932740 |
| container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:3fd9e637f55f7c894f020d7984cc6fe46b78e11ece404ba8e5e6eda2af3310b4 |
| container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:6b9a4e20f363ea5f7e46d238ed64bfdc2efeed90b45e59f05604aa0c4e12b53d |
| container-native-virtualization/kubemacpool-rhel9@sha256:f7e6b8d329006569d5f2aa0a12efbcf56ab5a69f74202dd66acc0ee94dfb116c |
| container-native-virtualization/kubesecondarydns-rhel9@sha256:eb975d681bf30c65531fde63841f2e27be0e08ea976d30fd880a415e3b312e8c |
| container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:6ac40ce753fc102a535927b1c4804177a9303835bb5281a5db5af1e86bb73b1c |
| container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:56f5bc091706f4f9eaa996bebaaa0ae90bd2a49a15533288383ba0807256fa3f |
| container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:fcfbd52d609a582da1f28a80b5fbff60b4b3e441b03e30f5383b3d67fb58b845 |
| container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:91c84796680375a3249ee9e84510de28444fd10d3ced05434e8182650bd16a26 |
| container-native-virtualization/kubevirt-realtime-checkup-rhel9@sha256:ff9cc8a92e6cfb66ad8b2ee943f96c43970a81212147f4b3168535c9eac139b7 |
| container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:3cbe86e9f825a7b7136335c9e94dbfbb85dac8c67dbe77ad5cb2fae515963370 |
| container-native-virtualization/kubevirt-storage-checkup-rhel9@sha256:78ceb7386e365ad3b6bf82b01e18e16ae5423ccf993bd634cbe85967e12b0dd2 |
| container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:0840c25008c567b6201cb1b7036d82914d2254c14b12c0a916b718245eefebf7 |
| container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:023239d9a620d1f386170fbb298e5841fdfd30dce4d3f306be10ca44d750b21d |
| container-native-virtualization/kubevirt-template-validator-rhel9@sha256:5841fec229d0666ffcdc211716c8e22c3a4c1c9a4408d327e5b83372c6a10876 |
| container-native-virtualization/libguestfs-tools-rhel9@sha256:9f3d7afbe5746fa6641dbb513794ddc61fae3d795f7fa5e1809791355d77777a |
| container-native-virtualization/mtq-controller-rhel9@sha256:f87a798c00e64418511cd47add1330023c6dde3c62fbb92ef1dca10154cba3e5 |
| container-native-virtualization/mtq-lock-server-rhel9@sha256:7393ec7da024f158d61b8799adfbef832d567fc700e6f054b515de439de88b9d |
| container-native-virtualization/mtq-operator-rhel9@sha256:090e0ead362c77642ca25650b4bcb559f12a60295e1c337aa052fa8cd5ff3d39 |
| container-native-virtualization/multus-dynamic-networks-rhel9@sha256:292b532bdbbb91562849f805cfc5474255dc9bee6347a335754ec3e43e07d356 |
| container-native-virtualization/ovs-cni-plugin-rhel9@sha256:62ae7234ff71c98a864f26c860d0c92c63b9ebed3e932eb8d7f353dfad2dcbd2 |
| container-native-virtualization/passt-network-binding-plugin-cni-rhel9@sha256:d94f1a00c7db3982942db63ab8c6f350f3115a12eaa3eb6cf61604f0d417a81b |
| container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9@sha256:a94eb96ca402a96bfe758797121f2dd85f3ffc718fcc7b8e05103089d889121f |
| container-native-virtualization/pr-helper-rhel9@sha256:f19a4d703cf6fa0e6e292824767ed11b95b75c9862fe31ba4426abe4e55b682b |
| container-native-virtualization/sidecar-shim-rhel9@sha256:0683590f55f0f9dec294e6c9561a047ed67d1edc1c3e48d088c882a9d48a47e2 |
| container-native-virtualization/virt-api-rhel9@sha256:2e78c87e663cab3aba89f19fde21b6bfc5b1ac718bb4ddbbcba540d8c27a81bd |
| container-native-virtualization/virt-artifacts-server-rhel9@sha256:9ad68b823cdc9a7b9c41c62a4e7c430625b1c751258aa231a5a369097541ca25 |
| container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:4a2d4b9f4ab7cfa68ee61d5230bca6a7f201b25656914da689fb31fb5ed905d4 |
| container-native-virtualization/virt-cdi-cloner-rhel9@sha256:ee20a3bf0273be64cf62e9a7ddc647058c20eda1fc4a12b97bf96a74f50e9538 |
| container-native-virtualization/virt-cdi-controller-rhel9@sha256:8879874e9dea687bf9f85aee561da4379d40044c40870ef7d8177ee076ea6323 |
| container-native-virtualization/virt-cdi-importer-rhel9@sha256:4d57676e640e8e66a89a9b2fc2e70ad9d091afd778d97e9c7f65b8adf400430f |
| container-native-virtualization/virt-cdi-operator-rhel9@sha256:0aa9a187ef0f5012dd144221fdf1a9975596b6d1e9765e10be2ee1e15de9baf4 |
| container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:69a35e4d23c41dc45cf47cdddc42621db21fad52c27f9b631f484ecd30b4397a |
| container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:ee40c8d7e292dedda46423e0682f92f4f2837ab47eb07b8e561f85df91015b3a |
| container-native-virtualization/virt-controller-rhel9@sha256:5ca6e3b15b67ba1abef5c5c40813cdfda3769be69435ddcaec66797754e7ab21 |
| container-native-virtualization/virt-exportproxy-rhel9@sha256:b416b213c91d4e9343b410e6376870bd8ccc9560d0408bd57dfe093fe7957908 |
| container-native-virtualization/virt-exportserver-rhel9@sha256:34dcced345d2ce57d4270f338b0bab5ae4baa7692fa308abd7a3652e64554cc6 |
| container-native-virtualization/virt-handler-rhel9@sha256:9e2b95d7a7b0efb9e9d06e6c95b7628c64a7e53d1d7b1cbfb34d80f334fa3933 |
| container-native-virtualization/virt-launcher-rhel9@sha256:8a86e6285a085ad7ca396100a9f518ccc21fba3d2cbf80969049e9dd76dc06a5 |
| container-native-virtualization/virt-operator-rhel9@sha256:5bfc8b466707596e73456986ab1edd54c7e414ba2358e8b071f7ece80c71f8fa |
| container-native-virtualization/virtio-win-rhel9@sha256:bd7c44c9e8ad2b692302dd9721ff2ba92943f466cb8e33d78d7ff01a2f73eadc |
| container-native-virtualization/vm-console-proxy-rhel9@sha256:0b878505f6a1d5c712bcd71f404657a3f2554954340cdcecd0380907562e5d5e |
| container-native-virtualization/vm-network-latency-checkup-rhel9@sha256:43afa3f83fa448bbe42d2b34effb3f53460c3c1520341d2c4db1dc77e97236bc |
| container-native-virtualization/wasp-agent-rhel9@sha256:9ca5bf1e4e0f06bc5756d5e83ed1cdc156a04c8789182a6bcc871db17e6aea59 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
