First published: Thu Jun 02 2022(Updated: )
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.<br>Security Fix(es):<br><li> kernel: use-after-free in RDMA listen() (CVE-2021-4028)</li> <li> kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)</li> <li> kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)</li> <li> openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)</li> <li> zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)</li> <li> gzip: arbitrary-file-write vulnerability (CVE-2022-1271)</li> <li> rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fixes:<br><li> elfutils package has been update within RHV-H Channel to match the same version released in RHEL (BZ#2038081)</li> <li> Rebase package(s) to version 1.2.24</li> For highlights, important fixes, or notable enhancements: see bugs in "Depend On". (BZ#2057338)<br><li> Rebase package(s) to version: 4.5.0</li> Highlights, important fixes, or notable enhancements: (BZ#2057342)<br><li> Rebase package(s) to version anaconda-33.16.6.6-1.el8</li> For highlights and important bug fixes: include UI change for blocking installation if root password is not set. (BZ#1899821)<br><li> Red hat Virtualization Host has been rebased on Red Hat Enterprise Linux 8.6 (BZ#1997074)</li> <li> Previously, concurrent executions of LV refresh (lvchange) failed. This hindered simultaneous starts of virtual machines that have thin-provisioned disks based on the same disk on a block storage domain.</li> In this release, concurrent execution of LV refresh has been fixed in LVM2. (BZ#2020497)<br><li> Red Hat Virtualization Host has been rebased on latest Ceph 4.3 (BZ#2090138)</li> <li> In previous releases systemtap package could have been installed on top of RHV-H from RHV-H channel. With 4.4 SP1 systemtap package installation is not supported anymore (BZ#2052963)</li>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/imgbased | <1.2.24-1.el8e | 1.2.24-1.el8e |
redhat/ovirt-node-ng | <4.4.2-1.el8e | 4.4.2-1.el8e |
redhat/redhat-release-virtualization-host | <4.5.0-5.el8e | 4.5.0-5.el8e |
redhat/redhat-virtualization-host-productimg | <4.5.0-2.el8 | 4.5.0-2.el8 |
redhat/ovirt-node-ng-nodectl | <4.4.2-1.el8e | 4.4.2-1.el8e |
redhat/python3-imgbased | <1.2.24-1.el8e | 1.2.24-1.el8e |
redhat/python3-ovirt-node-ng-nodectl | <4.4.2-1.el8e | 4.4.2-1.el8e |
redhat/redhat-release-virtualization-host-content | <4.5.0-5.el8e | 4.5.0-5.el8e |
redhat/redhat-virtualization-host-image-update-placeholder | <4.5.0-5.el8e | 4.5.0-5.el8e |
redhat/redhat-virtualization-host-productimg | <4.5.0-2.el8 | 4.5.0-2.el8 |
redhat/elfutils | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-debuginfo | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-debuginfod-client | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-debuginfod-client-debuginfo | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-debuginfod-debuginfo | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-debugsource | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-devel | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-libelf-debuginfo | <0.186-1.el8 | 0.186-1.el8 |
redhat/elfutils-libs-debuginfo | <0.186-1.el8 | 0.186-1.el8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.