First published: Thu Dec 01 2022
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

Security Fix(es):

- golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
- golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
- golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
- golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
- golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

- Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
- Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
- Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
- [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
- Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
- [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
- CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
- Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
- Unable to start windows VMs on PSI setups (BZ#2115371)
- [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
- Mark Windows 11 as TechPreview (BZ#2129013)
- 4.11.1 rpms (BZ#2139453)

This advisory contains the following OpenShift Virtualization 4.11.1 images.

RHEL-8-CNV-4.11

- virt-cdi-operator-container-v4.11.1-5
- virt-cdi-uploadserver-container-v4.11.1-5
- virt-cdi-apiserver-container-v4.11.1-5
- virt-cdi-importer-container-v4.11.1-5
- virt-cdi-controller-container-v4.11.1-5
- virt-cdi-cloner-container-v4.11.1-5
- virt-cdi-uploadproxy-container-v4.11.1-5
- checkup-framework-container-v4.11.1-3
- kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7
- kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7
- kubevirt-template-validator-container-v4.11.1-4
- virt-handler-container-v4.11.1-5
- hostpath-provisioner-operator-container-v4.11.1-4
- virt-api-container-v4.11.1-5
- vm-network-latency-checkup-container-v4.11.1-3
- cluster-network-addons-operator-container-v4.11.1-5
- virtio-win-container-v4.11.1-4
- virt-launcher-container-v4.11.1-5
- ovs-cni-marker-container-v4.11.1-5
- hyperconverged-cluster-webhook-container-v4.11.1-7
- virt-controller-container-v4.11.1-5
- virt-artifacts-server-container-v4.11.1-5
- kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7
- kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7
- libguestfs-tools-container-v4.11.1-5
- hostpath-provisioner-container-v4.11.1-4
- kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7
- kubevirt-tekton-tasks-copy-template-container-v4.11.1-7
- cnv-containernetworking-plugins-container-v4.11.1-5
- bridge-marker-container-v4.11.1-5
- virt-operator-container-v4.11.1-5
- hostpath-csi-driver-container-v4.11.1-4
- kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7
- kubemacpool-container-v4.11.1-5
- hyperconverged-cluster-operator-container-v4.11.1-7
- kubevirt-ssp-operator-container-v4.11.1-4
- ovs-cni-plugin-container-v4.11.1-5
- kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7
- kubevirt-tekton-tasks-operator-container-v4.11.1-2
- cnv-must-gather-container-v4.11.1-8
- kubevirt-console-plugin-container-v4.11.1-9
- hco-bundle-registry-container-v4.11.1-49

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat OpenShift Virtualization |
The severity of RHSA-2022:8750 is classified as important due to the potential for denial of service.
To fix RHSA-2022:8750, update the affected packages to the latest version provided by Red Hat.
RHSA-2022:8750 addresses an out-of-bounds read in golang.org/x/text/language and a stack overflow in encoding/pem.
The impact includes potential denial of service attacks due to the identified vulnerabilities.
You can check if your system is affected by comparing installed package versions against the advisory provided by Red Hat.