[RHSA-2021:4914-06] Moderate: OpenShift Virtualization 4.8.3 Images security and bug fix update
Security announcements for all Red Hat products and services.
rhsa-announce at redhat.com
Thu Dec 2 20:42:22 UTC 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Virtualization 4.8.3 Images security and bug fix update
Advisory ID: RHSA-2021:4914-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4914
Issue date: 2021-12-02
CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750
CVE-2019-13751 CVE-2019-17594 CVE-2019-17595
CVE-2019-18218 CVE-2019-19603 CVE-2019-20838
CVE-2020-12762 CVE-2020-13435 CVE-2020-14155
CVE-2020-16135 CVE-2020-24370 CVE-2020-25648
CVE-2020-36385 CVE-2021-0512 CVE-2021-3200
CVE-2021-3426 CVE-2021-3445 CVE-2021-3572
CVE-2021-3580 CVE-2021-3656 CVE-2021-3733
CVE-2021-3778 CVE-2021-3796 CVE-2021-3800
CVE-2021-20231 CVE-2021-20232 CVE-2021-20266
CVE-2021-20317 CVE-2021-22876 CVE-2021-22898
CVE-2021-22925 CVE-2021-22946 CVE-2021-22947
CVE-2021-23840 CVE-2021-23841 CVE-2021-27645
CVE-2021-28153 CVE-2021-28950 CVE-2021-29923
CVE-2021-33560 CVE-2021-33574 CVE-2021-33928
CVE-2021-33929 CVE-2021-33930 CVE-2021-33938
CVE-2021-34558 CVE-2021-35942 CVE-2021-36084
CVE-2021-36085 CVE-2021-36086 CVE-2021-36087
CVE-2021-36222 CVE-2021-37750 CVE-2021-42574
CVE-2021-43267
=====================================================================
1. Summary:
Red Hat OpenShift Virtualization release 4.8.3 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.8.3 images:
RHEL-8-CNV-4.8
==============
hostpath-provisioner-container-v4.8.3-4
kubevirt-v2v-conversion-container-v4.8.3-3
virt-cdi-cloner-container-v4.8.3-4
virt-cdi-operator-container-v4.8.3-4
virt-cdi-uploadproxy-container-v4.8.3-4
virt-launcher-container-v4.8.3-9
vm-import-operator-container-v4.8.3-7
virt-cdi-apiserver-container-v4.8.3-4
kubevirt-vmware-container-v4.8.3-3
virt-api-container-v4.8.3-9
vm-import-virtv2v-container-v4.8.3-7
virtio-win-container-v4.8.3-3
node-maintenance-operator-container-v4.8.3-2
hostpath-provisioner-operator-container-v4.8.3-4
virt-cdi-controller-container-v4.8.3-4
virt-cdi-importer-container-v4.8.3-4
bridge-marker-container-v4.8.3-3
ovs-cni-marker-container-v4.8.3-3
virt-handler-container-v4.8.3-9
virt-controller-container-v4.8.3-9
cnv-containernetworking-plugins-container-v4.8.3-3
kubevirt-template-validator-container-v4.8.3-3
hyperconverged-cluster-webhook-container-v4.8.3-5
ovs-cni-plugin-container-v4.8.3-3
hyperconverged-cluster-operator-container-v4.8.3-5
kubevirt-ssp-operator-container-v4.8.3-4
virt-cdi-uploadserver-container-v4.8.3-4
kubemacpool-container-v4.8.3-5
vm-import-controller-container-v4.8.3-7
virt-operator-container-v4.8.3-9
kubernetes-nmstate-handler-container-v4.8.3-8
cnv-must-gather-container-v4.8.3-12
cluster-network-addons-operator-container-v4.8.3-8
hco-bundle-registry-container-v4.8.3-58
Security Fix(es):
* golang: net: incorrect parsing of extraneous zero characters at the
beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1997017 - unprivileged client fails to get guest agent data
1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed
2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount
2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import
2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed
2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion
2007336 - 4.8.3 containers
2007776 - Failed to Migrate Windows VM with CDROM (readonly)
2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13
2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted
2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues
2026881 - [4.8.3] vlan-filtering is getting applied on veth ports
5. References:
https://access.redhat.com/security/cve/CVE-2018-20673
https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/cve/CVE-2020-36385
https://access.redhat.com/security/cve/CVE-2021-0512
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3656
https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-3778
https://access.redhat.com/security/cve/CVE-2021-3796
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-20266
https://access.redhat.com/security/cve/CVE-2021-20317
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-22946
https://access.redhat.com/security/cve/CVE-2021-22947
https://access.redhat.com/security/cve/CVE-2021-23840
https://access.redhat.com/security/cve/CVE-2021-23841
https://access.redhat.com/security/cve/CVE-2021-27645
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-28950
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-33574
https://access.redhat.com/security/cve/CVE-2021-33928
https://access.redhat.com/security/cve/CVE-2021-33929
https://access.redhat.com/security/cve/CVE-2021-33930
https://access.redhat.com/security/cve/CVE-2021-33938
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-35942
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-36222
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2021-43267
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYakvrdzjgjWX9erEAQi33w//VpPvIhnB7lczkCNCzlCeIngYY1zX6nIV
LJ1pDNz4uCWOacL1WtHqq+yv87I6GW8x8JgY8XpfQyGWEZnkmZc2lUJ3qsRXKm2f
2PrqXPCPLbO9gC6ErRUSVL51cWDolEFJM4j4+MmYVzwA09SptlfooR/SZ6zHsGh8
OHbupl22XXd1ugemeSaMGsycNmEbYqt4KfMAGaqDLAClWIL35p6/HRUmbY9oVhtG
gLnvt+7DElCW+vfqm7GtcT8sVSti786aB2dbTh2trXRt0j5P3mG6ovow4koA0riX
5rH2Wt7bnmxKR4qvFl5yqJSeQkghnaJmpu3j3SHQ88sfTmpqUZJbRFljiefgHsPZ
MgZsspOE0QmP+HHRmiJvJYLlQs8r5ukJGe/YmBdRV2g3IcVhJtrfdvT/u2luv6/9
PGoVGaPA2ZCtrYJxuzbOzd4VupKSoKfvZTHJdKaUvyZB3o0bjqAfOQg5sTaeFqS5
9qXZBmJ9gMTQdQBrHAzYbNe/IbJbR7LvVIY3Q2gPkDNrmtfA8ifkmm2UJkJ3U/3F
gWFaELq2RRM1fo7QMhBJ8gO3oVXEN5q42LR6IUEYFY7xMMvrR+ztc/Y9PfkEVTbP
YaRgzUU0YNocEnuQ2LEQnt+KyAm2slHQccaVgDa0kELWZjRus9J+Dm7IetK+RVpL
rOhdZCv5eQg=
=YFIo
-----END PGP SIGNATURE-----
More information about the RHSA-announce
mailing list