Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1053: Red Hat Security Advisory: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
  • CVE-2022-25236: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
  • CVE-2022-25315: expat: Integer overflow in storeRawNames()
Red Hat Security Data
Open in Source
#vulnerability#web#mac#linux#red_hat#nodejs#js#java#kubernetes

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-03-24

Updated:

2022-03-24

RHSA-2022:1053 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

Security Fix(es):

  • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
  • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
  • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Red Hat Virtualization Host was rebased on Red Hat Enterprise Linux 8.5.0.3. (BZ#2048407)
  • Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40

Highlights and important bug fixes: consume libvirt fix for failure to connect socket to ‘/run/libvirt/virtlogd-sock’ - possibly caused by too many open files from libvirtd. (BZ#2057048)

Affected Products

  • Red Hat Virtualization 4 for RHEL 8 x86_64
  • Red Hat Virtualization Host 4 for RHEL 8 x86_64

Fixes

  • BZ - 2034626 - Upgrade elfutils to elfutils-0.185-1.el8
  • BZ - 2048407 - Rebase RHV-H 4.4.10 on RHEL 8.5.0.3
  • BZ - 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
  • BZ - 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
  • BZ - 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
  • BZ - 2057048 - consume libvirt fix for: Failed to connect socket to ‘/run/libvirt/virtlogd-sock’ - possibly caused by Too many open files from libvirtd

Red Hat Virtualization 4 for RHEL 8

SRPM

redhat-release-virtualization-host-4.4.10-3.el8ev.src.rpm

SHA-256: 4d45d8a951cf55718d3b7fcfcd46003911a184cac3b278b75022ae54a250a1a0

x86_64

redhat-release-virtualization-host-4.4.10-3.el8ev.x86_64.rpm

SHA-256: 804aef23e6358ce24abf3934ae3068602fb82b8a4c9e9a239f3de1cada26c60d

redhat-release-virtualization-host-content-4.4.10-3.el8ev.x86_64.rpm

SHA-256: 6c8bb4932aa3f121b1f15c021aaf29da6734b1d139c50a6dfc7145e74a7b651d

redhat-virtualization-host-image-update-placeholder-4.4.10-3.el8ev.noarch.rpm

SHA-256: 474a5f80b6280cb4c48d934640804559d93848d219ab4f241cbceb963b81971f

Red Hat Virtualization Host 4 for RHEL 8

SRPM

elfutils-0.185-1.el8.src.rpm

SHA-256: 3e34cfbe0ee504e295857f3b353df0c3bb5363847742115a70e12ede1613129c

redhat-virtualization-host-4.4.10-202203211649_8.5.src.rpm

SHA-256: 37485fbdb8b263ae572bbbf7efef7beb97233748b78a31327350e67c35852b6d

x86_64

elfutils-debuginfo-0.185-1.el8.x86_64.rpm

SHA-256: 4be8907ec6043585ab64712aadfead57f7609461c9a5ef831cfaf1cef2f73c12

elfutils-debuginfod-client-0.185-1.el8.x86_64.rpm

SHA-256: 1291973fb1c479d3d3dab62d7dbcda052ab998779a0eb2e45427d0e2257d8db4

elfutils-debuginfod-client-debuginfo-0.185-1.el8.x86_64.rpm

SHA-256: a911308d4bc58505f6146da97e1f1a29fe4157e3513611e5ef0bcdc6ccc61750

elfutils-debuginfod-debuginfo-0.185-1.el8.x86_64.rpm

SHA-256: 040cf6d9ad2aab17a3b17cd0937e37ff074a62f4cbc60410f95201d0203fd5a3

elfutils-debugsource-0.185-1.el8.x86_64.rpm

SHA-256: fc6d11f080b1196f8aaec22d80b779ff41d091474a39d1ac015c26afab02dcb0

elfutils-devel-0.185-1.el8.x86_64.rpm

SHA-256: 5001917a5c97fec5397792750adfd8efde1e096feab427f35fa807d7c0f3ec7d

elfutils-libelf-debuginfo-0.185-1.el8.x86_64.rpm

SHA-256: 0ecf63f61a91e5d9ec58401f0401473e1908392980c5ddee7f8017ce3d895c4b

elfutils-libs-debuginfo-0.185-1.el8.x86_64.rpm

SHA-256: 9c127db613b96a75b9d2406ecab9b2f928a2da408b2f64c2ecb78040e69649cc

redhat-virtualization-host-image-update-4.4.10-202203211649_8.5.x86_64.rpm

SHA-256: 6c55ff91106447e58340a445fad019a98c92b72dd93837a76e0f0c2f40324b0c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data