- Vulnerability/
- RHSA-2020:3194
RHSA-2020:3194: Important: Container-native Virtualization security, bug fix, and enhancement update
First published: Tue Jul 28 2020(Updated: )
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.<br>Security Fix(es):<br><li> kubevirt: VMIs can be used to access host files (CVE-2020-14316)</li> <li> containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>This update also fixes several bugs and adds various enhancements.<br>This advisory contains the following OpenShift Virtualization 2.4.0 images:<br>RHEL-7-CNV-2.4<br>==============<br>kubevirt-ssp-operator-container-v2.4.0-71<br>RHEL-8-CNV-2.4<br>==============<br>virt-cdi-controller-container-v2.4.0-29<br>virt-cdi-uploadproxy-container-v2.4.0-29<br>hostpath-provisioner-container-v2.4.0-25<br>virt-cdi-operator-container-v2.4.0-29<br>kubevirt-metrics-collector-container-v2.4.0-18<br>cnv-containernetworking-plugins-container-v2.4.0-36<br>kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18<br>hostpath-provisioner-operator-container-v2.4.0-31<br>virt-cdi-uploadserver-container-v2.4.0-29<br>virt-cdi-apiserver-container-v2.4.0-29<br>virt-controller-container-v2.4.0-58<br>virt-cdi-cloner-container-v2.4.0-29<br>kubevirt-template-validator-container-v2.4.0-21<br>vm-import-operator-container-v2.4.0-21<br>kubernetes-nmstate-handler-container-v2.4.0-37<br>node-maintenance-operator-container-v2.4.0-27<br>virt-operator-container-v2.4.0-58<br>kubevirt-v2v-conversion-container-v2.4.0-23<br>cnv-must-gather-container-v2.4.0-73<br>virtio-win-container-v2.4.0-15<br>kubevirt-cpu-node-labeller-container-v2.4.0-19<br>ovs-cni-plugin-container-v2.4.0-37<br>kubevirt-vmware-container-v2.4.0-21<br>hyperconverged-cluster-operator-container-v2.4.0-70<br>virt-handler-container-v2.4.0-58<br>virt-cdi-importer-container-v2.4.0-29<br>virt-launcher-container-v2.4.0-58<br>kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17<br>virt-api-container-v2.4.0-58<br>ovs-cni-marker-container-v2.4.0-38<br>kubemacpool-container-v2.4.0-39<br>cluster-network-addons-operator-container-v2.4.0-38<br>bridge-marker-container-v2.4.0-39<br>vm-import-controller-container-v2.4.0-21<br>hco-bundle-registry-container-v2.3.0-497
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat OpenShift Virtualization | ||
| Red Hat Kubevirt SSP Operator | ||
| Red Hat virt-cdi-controller | ||
| Red Hat virt-cdi-uploadproxy | ||
| Red Hat HostPath Provisioner | ||
| Red Hat Virt CDI Operator | ||
| Red Hat Kubevirt Metrics Collector | ||
| Red Hat CNV Container Networking Plugins | ||
| Red Hat KubeVirt KVM Info NFD Plugin | ||
| Red Hat HostPath Provisioner Operator | ||
| Red Hat virt-cdi-uploadserver | ||
| Red Hat virt-cdi-apiserver | ||
| Red Hat Virt Controller | ||
| Red Hat virt-cdi-cloner | ||
| Red Hat KubeVirt Template Validator | ||
| Red Hat vm-import-operator | ||
| Red Hat Kubernetes NMState Handler | ||
| Red Hat Node Maintenance Operator | ||
| Red Hat virt-operator | ||
| Red Hat Kubevirt V2V Conversion | ||
| Red Hat cnv-must-gather | ||
| virtio-win | ||
| Red Hat Kubevirt CPU Node Labeller | ||
| Red Hat ovs-cni-plugin | ||
| Red Hat Kubevirt | ||
| Red Hat Hyperconverged Cluster Operator | ||
| Red Hat virt-handler | ||
| Red Hat virt-cdi-importer | ||
| Red Hat virt-launcher | ||
| Red Hat KubeVirt KVM Info NFD Plugin | ||
| Red Hat virt-api | ||
| Red Hat ovs-cni-marker | ||
| Red Hat kubemacpool | ||
| Red Hat cluster-network-addons-operator | ||
| Red Hat Bridge Marker | ||
| Red Hat vm-import-controller | ||
| Red Hat HCO Bundle Registry |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1684772
- https://bugzilla.redhat.com/show_bug.cgi?id=1716329
- https://bugzilla.redhat.com/show_bug.cgi?id=1724978
- https://bugzilla.redhat.com/show_bug.cgi?id=1725672
- https://bugzilla.redhat.com/show_bug.cgi?id=1727117
- https://bugzilla.redhat.com/show_bug.cgi?id=1780473
- https://bugzilla.redhat.com/show_bug.cgi?id=1787213
- https://bugzilla.redhat.com/show_bug.cgi?id=1789564
- https://bugzilla.redhat.com/show_bug.cgi?id=1795889
- https://bugzilla.redhat.com/show_bug.cgi?id=1796342
- https://bugzilla.redhat.com/show_bug.cgi?id=1802554
- https://bugzilla.redhat.com/show_bug.cgi?id=1805044
- https://bugzilla.redhat.com/show_bug.cgi?id=1806288
- https://bugzilla.redhat.com/show_bug.cgi?id=1806436
- https://bugzilla.redhat.com/show_bug.cgi?id=1811111
- https://bugzilla.redhat.com/show_bug.cgi?id=1811417
- https://bugzilla.redhat.com/show_bug.cgi?id=1816518
- https://bugzilla.redhat.com/show_bug.cgi?id=1817080
- https://bugzilla.redhat.com/show_bug.cgi?id=1819252
- https://bugzilla.redhat.com/show_bug.cgi?id=1820651
- https://bugzilla.redhat.com/show_bug.cgi?id=1821209
- https://bugzilla.redhat.com/show_bug.cgi?id=1822079
- https://bugzilla.redhat.com/show_bug.cgi?id=1822315
- https://bugzilla.redhat.com/show_bug.cgi?id=1823342
- https://bugzilla.redhat.com/show_bug.cgi?id=1823699
- https://bugzilla.redhat.com/show_bug.cgi?id=1823701
- https://bugzilla.redhat.com/show_bug.cgi?id=1825801
- https://bugzilla.redhat.com/show_bug.cgi?id=1826044
- https://bugzilla.redhat.com/show_bug.cgi?id=1827257
- https://bugzilla.redhat.com/show_bug.cgi?id=1828401
- https://bugzilla.redhat.com/show_bug.cgi?id=1829376
- https://bugzilla.redhat.com/show_bug.cgi?id=1830780
- https://bugzilla.redhat.com/show_bug.cgi?id=1831536
- https://bugzilla.redhat.com/show_bug.cgi?id=1832179
- https://bugzilla.redhat.com/show_bug.cgi?id=1832283
- https://bugzilla.redhat.com/show_bug.cgi?id=1832291
- https://bugzilla.redhat.com/show_bug.cgi?id=1832769
- https://bugzilla.redhat.com/show_bug.cgi?id=1833220
- https://bugzilla.redhat.com/show_bug.cgi?id=1833376
- https://bugzilla.redhat.com/show_bug.cgi?id=1833786
- https://bugzilla.redhat.com/show_bug.cgi?id=1834253
- https://bugzilla.redhat.com/show_bug.cgi?id=1835242
- https://bugzilla.redhat.com/show_bug.cgi?id=1835426
- https://bugzilla.redhat.com/show_bug.cgi?id=1836792
- https://bugzilla.redhat.com/show_bug.cgi?id=1837182
- https://bugzilla.redhat.com/show_bug.cgi?id=1837670
- https://bugzilla.redhat.com/show_bug.cgi?id=1838066
- https://bugzilla.redhat.com/show_bug.cgi?id=1838424
- https://bugzilla.redhat.com/show_bug.cgi?id=1839982
- https://bugzilla.redhat.com/show_bug.cgi?id=1840047
- https://bugzilla.redhat.com/show_bug.cgi?id=1840220
- https://bugzilla.redhat.com/show_bug.cgi?id=1840652
- https://bugzilla.redhat.com/show_bug.cgi?id=1841065
- https://bugzilla.redhat.com/show_bug.cgi?id=1841325
- https://bugzilla.redhat.com/show_bug.cgi?id=1841505
- https://bugzilla.redhat.com/show_bug.cgi?id=1842869
- https://bugzilla.redhat.com/show_bug.cgi?id=1842958
- https://bugzilla.redhat.com/show_bug.cgi?id=1843219
- https://bugzilla.redhat.com/show_bug.cgi?id=1843456
- https://bugzilla.redhat.com/show_bug.cgi?id=1843467
- https://bugzilla.redhat.com/show_bug.cgi?id=1843519
- https://bugzilla.redhat.com/show_bug.cgi?id=1843948
- https://bugzilla.redhat.com/show_bug.cgi?id=1844057
- https://bugzilla.redhat.com/show_bug.cgi?id=1844105
- https://bugzilla.redhat.com/show_bug.cgi?id=1844907
- https://bugzilla.redhat.com/show_bug.cgi?id=1845060
- https://bugzilla.redhat.com/show_bug.cgi?id=1845061
- https://bugzilla.redhat.com/show_bug.cgi?id=1845477
- https://bugzilla.redhat.com/show_bug.cgi?id=1845557
- https://bugzilla.redhat.com/show_bug.cgi?id=1845604
- https://bugzilla.redhat.com/show_bug.cgi?id=1845899
- https://bugzilla.redhat.com/show_bug.cgi?id=1845901
- https://bugzilla.redhat.com/show_bug.cgi?id=1847070
- https://bugzilla.redhat.com/show_bug.cgi?id=1847594
- https://bugzilla.redhat.com/show_bug.cgi?id=1848004
- https://bugzilla.redhat.com/show_bug.cgi?id=1848007
- https://bugzilla.redhat.com/show_bug.cgi?id=1848951
- https://bugzilla.redhat.com/show_bug.cgi?id=1849527
- https://bugzilla.redhat.com/show_bug.cgi?id=1849915
- https://bugzilla.redhat.com/show_bug.cgi?id=1850425
- https://bugzilla.redhat.com/show_bug.cgi?id=1850467
- https://bugzilla.redhat.com/show_bug.cgi?id=1850482
- https://bugzilla.redhat.com/show_bug.cgi?id=1850937
- https://bugzilla.redhat.com/show_bug.cgi?id=1851856
- https://bugzilla.redhat.com/show_bug.cgi?id=1851886
- https://bugzilla.redhat.com/show_bug.cgi?id=1852446
- https://bugzilla.redhat.com/show_bug.cgi?id=1853028
- https://bugzilla.redhat.com/show_bug.cgi?id=1853133
- https://bugzilla.redhat.com/show_bug.cgi?id=1853373
- https://bugzilla.redhat.com/show_bug.cgi?id=1854419
- https://bugzilla.redhat.com/show_bug.cgi?id=1854744
- https://bugzilla.redhat.com/show_bug.cgi?id=1855256
- https://bugzilla.redhat.com/show_bug.cgi?id=1856438
- https://bugzilla.redhat.com/show_bug.cgi?id=1856447
- https://bugzilla.redhat.com/show_bug.cgi?id=1856979
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2020:3194 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2020:3194?
The severity of RHSA-2020:3194 is classified as critical due to vulnerabilities that could allow unauthorized access to host files and enable potential network exposure.
How do I fix RHSA-2020:3194?
To fix RHSA-2020:3194, you should apply the latest security updates as provided by Red Hat for OpenShift Virtualization.
What vulnerabilities are addressed in RHSA-2020:3194?
RHSA-2020:3194 addresses vulnerabilities including CVE-2020-14316 that allows VMIs to access host files.
Which products are affected by RHSA-2020:3194?
RHSA-2020:3194 affects the Red Hat OpenShift Container Platform, specifically its virtualization components.
Is there a workaround for RHSA-2020:3194?
There are no specific workarounds mentioned for RHSA-2020:3194, so immediate patching is recommended.
- agent/severity
- agent/type
- agent/event
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:3194
- agent/first-publish-date
- agent/trending
- agent/remedy
- agent/references
- agent/title
- agent/description
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/red hat
- canonical/red hat openshift virtualization
- canonical/red hat kubevirt ssp operator
- canonical/red hat virt-cdi-controller
- canonical/red hat virt-cdi-uploadproxy
- canonical/red hat hostpath provisioner
- canonical/red hat virt cdi operator
- canonical/red hat kubevirt metrics collector
- canonical/red hat cnv container networking plugins
- canonical/red hat kubevirt kvm info nfd plugin
- canonical/red hat hostpath provisioner operator
- canonical/red hat virt-cdi-uploadserver
- canonical/red hat virt-cdi-apiserver
- canonical/red hat virt controller
- canonical/red hat virt-cdi-cloner
- canonical/red hat kubevirt template validator
- canonical/red hat vm-import-operator
- canonical/red hat kubernetes nmstate handler
- canonical/red hat node maintenance operator
- canonical/red hat virt-operator
- canonical/red hat kubevirt v2v conversion
- canonical/red hat cnv-must-gather
- canonical/virtio-win
- canonical/red hat kubevirt cpu node labeller
- canonical/red hat ovs-cni-plugin
- canonical/red hat kubevirt
- canonical/red hat hyperconverged cluster operator
- canonical/red hat virt-handler
- canonical/red hat virt-cdi-importer
- canonical/red hat virt-launcher
- canonical/red hat virt-api
- canonical/red hat ovs-cni-marker
- canonical/red hat kubemacpool
- canonical/red hat cluster-network-addons-operator
- canonical/red hat bridge marker
- canonical/red hat vm-import-controller
- canonical/red hat hco bundle registry