RHSA-2022:1263: Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.22
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- CVE-2021-4028: kernel: use-after-free in RDMA listen()
- CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it
- CVE-2021-4155: kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
- CVE-2021-45417: aide: heap-based buffer overflow on outputs larger than B64_BUF
- CVE-2022-0330: kernel: possible privileges escalation due to missing TLB flush
- CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- CVE-2022-22942: kernel: failing usercopy allows for use-after-free exploitation
- CVE-2022-24407: cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
- CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25236: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25315: expat: Integer overflow in storeRawNames()
Issued:
2022-04-07
Updated:
2022-04-07
RHSA-2022:1263 - Security Advisory
Synopsis
Important: RHV-H security update (redhat-virtualization-host) 4.3.22
Type/Severity
Security Advisory: Important
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The redhat-virtualization-host packages provide the Red Hat Virtualization Host.
These packages include redhat-release-virtualization-host. Red Hat
Virtualization Hosts (RHVH) are installed using a special build of Red Hat
Enterprise Linux with only the packages required to host virtual machines.
RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.
Security Fix(es):
- kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
- kernel: use-after-free in RDMA listen() (CVE-2021-4028)
- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
- kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
- aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
- kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
- cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
- expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
- expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
- expat: Integer overflow in storeRawNames() (CVE-2022-25315)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)
Affected Products
- Red Hat Virtualization 4 for RHEL 7 x86_64
- Red Hat Virtualization Host 4 for RHEL 7 x86_64
Fixes
- BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
- BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
- BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- BZ - 2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
- BZ - 2041489 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
- BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
- BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
- BZ - 2048409 - Rebase RHV-H 4.3 on RHEL 7.9 batch #13
- BZ - 2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
- BZ - 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
- BZ - 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- BZ - 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
CVEs
- CVE-2021-0920
- CVE-2021-4028
- CVE-2021-4083
- CVE-2021-4155
- CVE-2021-45417
- CVE-2022-0330
- CVE-2022-0778
- CVE-2022-22942
- CVE-2022-24407
- CVE-2022-25235
- CVE-2022-25236
- CVE-2022-25315
Red Hat Virtualization 4 for RHEL 7
SRPM
redhat-release-virtualization-host-4.3.22-1.el7ev.src.rpm
SHA-256: 825c9b231a4224f513e2aea3c88d0bdaaa06d1839ec89c481e257cd99983ba03
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm
SHA-256: 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60
redhat-virtualization-host-productimg-4.3.22-1.el7.src.rpm
SHA-256: fbf8825b8e2dd34830eff8ebf2d9125d7f16430aa195fac14faf1a712da1a84b
x86_64
redhat-release-virtualization-host-4.3.22-1.el7ev.x86_64.rpm
SHA-256: 8aa8920ea0896234be2944c66e228a37f63e5e61dc0fe9d1f85fcd8a03686465
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm
SHA-256: 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37
redhat-virtualization-host-image-update-placeholder-4.3.22-1.el7ev.noarch.rpm
SHA-256: 5caacbeb8a9c06747dfbc6c54e20aa58ba05fed21e257c0be431b9ae6eb10337
redhat-virtualization-host-productimg-4.3.22-1.el7.x86_64.rpm
SHA-256: d127a7d2f6a448687efaba3c25f6073d23b7b4b71496d8805694e4acd7aa552a
Red Hat Virtualization Host 4 for RHEL 7
SRPM
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm
SHA-256: 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60
x86_64
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm
SHA-256: 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37
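The package list above gives a SHA-256 for every RPM in the advisory. The shell script below is an added example, not part of the Red Hat advisory or of Red Hat's tooling: it embeds those published checksums, verifies a downloaded RPM against them, and compares an installed image-update version-release with the fixed build 4.3.22-20220330.1.el7_9. The function names, the manifest layout, and the assumption that the installed version is read with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' redhat-virtualization-host-image-update` on the host are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example, not part of RHSA-2022:1263 or Red Hat tooling.
# Helpers for the packages in this advisory:
#   expected_sha256 NAME   - the SHA-256 the advisory publishes for file NAME
#   verify_rpm PATH        - hash a downloaded RPM and compare with that value
#   rhvh_is_fixed VERREL   - is an installed image-update version-release at or
#                            past the fixed build 4.3.22-20220330.1.el7_9?
# Function names and the manifest format are this example's own choices.

FIXED_IMAGE_VERREL="4.3.22-20220330.1.el7_9"

# File name and SHA-256 pairs copied from the advisory's package list.
rhsa_manifest() {
  cat <<'EOF'
redhat-release-virtualization-host-4.3.22-1.el7ev.src.rpm 825c9b231a4224f513e2aea3c88d0bdaaa06d1839ec89c481e257cd99983ba03
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm 05a6ead4f556de849e8320c5381c8502b7c7a8e5f529c5a225b1201aba7c5c60
redhat-virtualization-host-productimg-4.3.22-1.el7.src.rpm fbf8825b8e2dd34830eff8ebf2d9125d7f16430aa195fac14faf1a712da1a84b
redhat-release-virtualization-host-4.3.22-1.el7ev.x86_64.rpm 8aa8920ea0896234be2944c66e228a37f63e5e61dc0fe9d1f85fcd8a03686465
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm 0a499c585a44c7c43bf532b5b79e4f8f8d4fec1b14df276c12e1b2cbcfffec37
redhat-virtualization-host-image-update-placeholder-4.3.22-1.el7ev.noarch.rpm 5caacbeb8a9c06747dfbc6c54e20aa58ba05fed21e257c0be431b9ae6eb10337
redhat-virtualization-host-productimg-4.3.22-1.el7.x86_64.rpm d127a7d2f6a448687efaba3c25f6073d23b7b4b71496d8805694e4acd7aa552a
EOF
}

# Print the advisory's SHA-256 for a package file name; fail if it is not listed.
expected_sha256() {
  rhsa_manifest | awk -v n="$1" '$1 == n { print $2; found = 1 } END { exit !found }'
}

# SHA-256 of a file as lowercase hex, using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum -- "$1" | awk '{ print $1 }'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 -- "$1" | awk '{ print $1 }'
  else
    openssl dgst -sha256 -r "$1" | awk '{ print $1 }'
  fi
}

# Compare a downloaded RPM with the advisory's value.
# Returns 0 on match, 1 on mismatch, 2 if the file name is not in the advisory.
verify_rpm() {
  local path="$1" name expected actual
  name=$(basename -- "$path")
  if ! expected=$(expected_sha256 "$name"); then
    echo "SKIP $name: not listed in RHSA-2022:1263" >&2
    return 2
  fi
  actual=$(sha256_of "$path")
  if [ "$actual" = "$expected" ]; then
    echo "OK   $name"
    return 0
  fi
  echo "FAIL $name: expected $expected, got $actual" >&2
  return 1
}

# Is VERREL at or past the fixed image-update build? VERREL is assumed to come
# from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' redhat-virtualization-host-image-update
# run on the RHV-H host. Ordering uses GNU sort -V; anything that sorts below the
# fixed build is unpatched.
rhvh_is_fixed() {
  local installed="$1" lowest
  [ "$installed" = "$FIXED_IMAGE_VERREL" ] && return 0
  lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_IMAGE_VERREL" | sort -V | head -n 1)
  [ "$lowest" = "$FIXED_IMAGE_VERREL" ]
}

# Usage: ./check-rhsa-2022-1263.sh downloaded/*.rpm
for f in "$@"; do
  verify_rpm "$f"
done
```

The checksum comparison is a second line of defence for packages fetched outside of `yum`: the primary control is the Red Hat GPG signature, checked with `rpm -K` (`rpm --checksig`) on each file before installation. A host whose image-update version-release sorts below 4.3.22-20220330.1.el7_9 still carries every kernel, OpenSSL, expat, cyrus-sasl and aide issue listed in this advisory.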
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.