Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:4191: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es):

  • QEMU: net: e1000e: use-after-free while sending packets (CVE-2020-15859)
  • QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) (CVE-2021-3592)
  • QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) (CVE-2021-3593)
  • QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) (CVE-2021-3594)
  • QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) (CVE-2021-3595)
  • libvirt: Insecure sVirt label generation (CVE-2021-3631)
  • libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Related CVEs:
  • CVE-2020-15859: QEMU: net: e1000e: use-after-free while sending packets
  • CVE-2021-3592: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp)
  • CVE-2021-3593: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6)
  • CVE-2021-3594: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp)
  • CVE-2021-3595: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp)
  • CVE-2021-3631: libvirt: Insecure sVirt label generation
  • CVE-2021-3667: libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
Red Hat Security Data
#vulnerability#mac#linux#red_hat

Related news

RHSA-2021:4590: Red Hat Security Advisory: rust-toolset:rhel8 security update

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in rust in order to facilitate detection of BiDi Unicode characters: Rust introduces two new lints to detect and reject code containing the affected codepoints. These new deny-by-default lints detect affected codepoints in string literals and comments. The lints will prevent source code file containing these codepoints...

RHSA-2021:4135: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567) * OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556) * OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559) * OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561) * OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-3556...

RHSA-2021:4270: Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. The following packages have been upgraded to a later upstream version: rust (1.54.0). (BZ#1945805) Security Fix(es): * rust: incorrect parsing of extraneous zero characters at the beginning of an IP address string (CVE-2021-29922) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the ...

RHSA-2021:4112: Red Hat Security Advisory: virt:av and virt-devel:av security and bug fix update

An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu (CVE-2021-3748) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * qemu-img convert --bitmaps fail if a bitmap is inconsistent (BZ#1993308) * fails to revert snapshot of a VM [balloon/page-poison] (BZ#2005425) * ...

RHSA-2021:3967: Red Hat Security Advisory: OpenJDK 11.0.13 security update for Portable Linux Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Imporant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 (11.0.13) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.12) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565) * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-...

RHSA-2021:3968: Red Hat Security Advisory: OpenJDK 11.0.13 security update for Windows Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 (11.0.13) for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.12) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565) * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567) * Open...

RHSA-2021:3960: Red Hat Security Advisory: OpenJDK 8u312 security update for Portable Linux Builds

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (1.8.0.312) for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 (1.8.0.302) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565) * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2...

RHSA-2021:3961: Red Hat Security Advisory: OpenJDK 8u312 Windows Builds release and security update

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (1.8.0.312) for Windows serves as a replacement for the Red Hat build of OpenJDK 8 (1.8.0.302) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565) * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567) * Ope...