RHSA-2022:6551: Important: Red Hat Virtualization security update
First published: Mon Sep 19 2022(Updated: )
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. <br>The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.<br>The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.5.2), redhat-virtualization-host (4.5.2), redhat-virtualization-host-productimg (4.5.2). (BZ#2070049, BZ#2093195)<br>Security Fix(es):<br><li> kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)</li> <li> dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)</li> <li> systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526)</li> <li> kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)</li> <li> rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154)</li> <li> kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/redhat-release-virtualization-host | <4.5.2-1.el8e | 4.5.2-1.el8e |
| redhat/redhat-virtualization-host-productimg | <4.5.2-1.el8 | 4.5.2-1.el8 |
| redhat/redhat-release-virtualization-host-content | <4.5.2-1.el8e | 4.5.2-1.el8e |
| redhat/redhat-virtualization-host-image-update-placeholder | <4.5.2-1.el8e | 4.5.2-1.el8e |
| redhat/redhat-virtualization-host-productimg | <4.5.2-1.el8 | 4.5.2-1.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2064604
- https://bugzilla.redhat.com/show_bug.cgi?id=2092427
- https://bugzilla.redhat.com/show_bug.cgi?id=2099475
- https://bugzilla.redhat.com/show_bug.cgi?id=2107498
- https://bugzilla.redhat.com/show_bug.cgi?id=2109393
- https://bugzilla.redhat.com/show_bug.cgi?id=2109926
- https://bugzilla.redhat.com/show_bug.cgi?id=2110928
- https://bugzilla.redhat.com/show_bug.cgi?id=2114849
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2022:6551 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2022:6551
- agent/software-canonical-lookup
- package-manager/redhat