RHSA-2022:4896: Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]

First published: Thu Jun 02 2022(Updated: )

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.<br>Security Fix(es):<br><li> kernel: use-after-free in RDMA listen() (CVE-2021-4028)</li> <li> kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)</li> <li> kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)</li> <li> openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)</li> <li> zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)</li> <li> gzip: arbitrary-file-write vulnerability (CVE-2022-1271)</li> <li> rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fixes:<br><li> elfutils package has been update within RHV-H Channel to match the same version released in RHEL (BZ#2038081)</li> <li> Rebase package(s) to version 1.2.24</li> For highlights, important fixes, or notable enhancements: see bugs in "Depend On". (BZ#2057338)<br><li> Rebase package(s) to version: 4.5.0</li> Highlights, important fixes, or notable enhancements: (BZ#2057342)<br><li> Rebase package(s) to version anaconda-33.16.6.6-1.el8</li> For highlights and important bug fixes: include UI change for blocking installation if root password is not set. (BZ#1899821)<br><li> Red hat Virtualization Host has been rebased on Red Hat Enterprise Linux 8.6 (BZ#1997074)</li> <li> Previously, concurrent executions of LV refresh (lvchange) failed. This hindered simultaneous starts of virtual machines that have thin-provisioned disks based on the same disk on a block storage domain.</li> In this release, concurrent execution of LV refresh has been fixed in LVM2. (BZ#2020497)<br><li> Red Hat Virtualization Host has been rebased on latest Ceph 4.3 (BZ#2090138)</li> <li> In previous releases systemtap package could have been installed on top of RHV-H from RHV-H channel. With 4.4 SP1 systemtap package installation is not supported anymore (BZ#2052963)</li>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/severity
• agent/type
• agent/softwarecombine
• agent/last-modified-date
• agent/references
• agent/first-publish-date
• agent/weakness
• agent/remedy
• agent/title
• agent/description
• agent/tags
• agent/event
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2022:4896
• agent/software-canonical-lookup
• package-manager/redhat