Headline

RHSA-2022:1263: Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.22

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation
CVE-2021-4028: kernel: use-after-free in RDMA listen()
CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it
CVE-2021-4155: kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
CVE-2021-45417: aide: heap-based buffer overflow on outputs larger than B64_BUF
CVE-2022-0330: kernel: possible privileges escalation due to missing TLB flush
CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
CVE-2022-22942: kernel: failing usercopy allows for use-after-free exploitation
CVE-2022-24407: cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
CVE-2022-25236: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
CVE-2022-25315: expat: Integer overflow in storeRawNames()

2 years ago

Red Hat Security Data

Open in Source

#sql #vulnerability #mac #linux #red_hat

Issued:

2022-04-07

Updated:

2022-04-07

RHSA-2022:1263 - Security Advisory

Overview
Updated Packages

Synopsis

Important: RHV-H security update (redhat-virtualization-host) 4.3.22

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host.
These packages include redhat-release-virtualization-host. Red Hat
Virtualization Hosts (RHVH) are installed using a special build of Red Hat
Enterprise Linux with only the packages required to host virtual machines.
RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

Security Fix(es):

kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
kernel: use-after-free in RDMA listen() (CVE-2021-4028)
kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
expat: Integer overflow in storeRawNames() (CVE-2022-25315)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)

Affected Products

Red Hat Virtualization 4 for RHEL 7 x86_64
Red Hat Virtualization Host 4 for RHEL 7 x86_64

Fixes

BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
BZ - 2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
BZ - 2041489 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
BZ - 2048409 - Rebase RHV-H 4.3 on RHEL 7.9 batch #13
BZ - 2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
BZ - 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
BZ - 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
BZ - 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates