Advisory Published

RHSA-2020:4114: Moderate: Red Hat Virtualization security and bug fix update

First published: Wed Sep 30 2020(Updated: )

ovirt-ansible-repositories is an Ansible role used to set up the repositories required for oVirt engine or host installation.<br>The openvswitch package contains components for enabling Open vSwitch; a software-based Ethernet virtual switch. It also includes OVN (Open Virtual Network) components for supporting virtual network abstraction. <br>The Red Hat Virtualization Python SDK is a program that simplifies access to the Red Hat Virtualization API by providing an object-oriented view to developers.<br>Security Fix(es):<br><li> dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() (CVE-2020-10722)</li> <li> dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> Previously, during RHHI-V deployment of 3 hosts using ovirt-ansible-hosted-engine-setup, the Self-Hosted Engine was added to the default cluster, but the additional 2 hosts were not added.</li> In this release, deployment with ovirt-ansible-hosted-engine-setup successfully adds all hosts to the cluster. (BZ#1855283)<br><li> Previously, when creating large numbers of virtual machines (~2300 VMs), the associated Data Centers became unresponsive, and the hosts did not have Storage Pool Managers (SPM).</li> With this release, large scale deployment of virtual machines succeeds without errors. (BZ#1849558)

Affected SoftwareAffected VersionHow to fix
redhat/openvswitch2.11<2.11.0-54.20200327gita4efc59.el7fd
2.11.0-54.20200327gita4efc59.el7fd
redhat/ovirt-ansible-repositories<1.1.6-1.el7e
1.1.6-1.el7e
redhat/ovn2.11<2.11.1-44.el7fd
2.11.1-44.el7fd
redhat/python-ovirt-engine-sdk4<4.3.4-1.el7e
4.3.4-1.el7e
redhat/openvswitch2.11-debuginfo<2.11.0-54.20200327gita4efc59.el7fd
2.11.0-54.20200327gita4efc59.el7fd
redhat/openvswitch2.11-devel<2.11.0-54.20200327gita4efc59.el7fd
2.11.0-54.20200327gita4efc59.el7fd
redhat/ovn2.11-central<2.11.1-44.el7fd
2.11.1-44.el7fd
redhat/ovn2.11-debuginfo<2.11.1-44.el7fd
2.11.1-44.el7fd
redhat/ovn2.11-vtep<2.11.1-44.el7fd
2.11.1-44.el7fd
redhat/python-openvswitch2.11<2.11.0-54.20200327gita4efc59.el7fd
2.11.0-54.20200327gita4efc59.el7fd
redhat/python-ovirt-engine-sdk4-debuginfo<4.3.4-1.el7e
4.3.4-1.el7e
redhat/ovn2.11-host<2.11.1-44.el7fd
2.11.1-44.el7fd

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of RHSA-2020:4114?

    The severity of RHSA-2020:4114 is classified as critical due to potential exploitation risks.

  • How do I fix RHSA-2020:4114?

    To fix RHSA-2020:4114, update the affected packages to their recommended versions.

  • Which packages are affected by RHSA-2020:4114?

    The affected packages include openvswitch2.11, ovirt-ansible-repositories, and several others listed under Red Hat offerings.

  • What are the implications of not addressing RHSA-2020:4114?

    Failing to address RHSA-2020:4114 may expose systems to security vulnerabilities that can be exploited.

  • How can I verify if my system is affected by RHSA-2020:4114?

    You can verify your system's vulnerability status by checking the installed versions of the affected packages against the advisory.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203