exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-1402-01

Red Hat Security Advisory 2022-1402-01
Posted Apr 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1402-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 2.6.10 RPMs.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33195, CVE-2021-33197, CVE-2021-33198
SHA-256 | 4cec158739b9117fdffecab7b9b613061831e5b9a8fa9335e4a2eed7dc8f7945

Red Hat Security Advisory 2022-1402-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Virtualization 2.6.10 RPMs security and bug fix update
Advisory ID: RHSA-2022:1402-01
Product: cnv
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1402
Issue date: 2022-04-19
CVE Names: CVE-2021-33195 CVE-2021-33197 CVE-2021-33198
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 2.6.10 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CNV 2.6 for RHEL 7 - x86_64
CNV 2.6 for RHEL 8 - x86_64

3. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 2.6.10 RPMs.

Security Fix(es):

* golang: net: lookup functions may return invalid host names
(CVE-2021-33195)

* golang: net/http/httputil: ReverseProxy forwards connection headers if
first one is empty (CVE-2021-33197)

* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error
if passed inputs with very large exponents (CVE-2021-33198)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
2051113 - 2.6.10 rpms

6. Package List:

CNV 2.6 for RHEL 7:

Source:
kubevirt-2.6.10-230.el7.src.rpm

x86_64:
kubevirt-virtctl-2.6.10-230.el7.x86_64.rpm
kubevirt-virtctl-redistributable-2.6.10-230.el7.x86_64.rpm

CNV 2.6 for RHEL 8:

Source:
kubevirt-2.6.10-230.el8.src.rpm

x86_64:
kubevirt-virtctl-2.6.10-230.el8.x86_64.rpm
kubevirt-virtctl-redistributable-2.6.10-230.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYl7uftzjgjWX9erEAQga0g//Uuj2PhJ9sjQLWl6NCvZ0u8clCtMPCUIJ
RBMwzmvsspsqGBGIHVDYRGU9EAf+F082B5wHUU+SXCDonbpfvWTu+hI+aLiTLKTY
T2zJE8q1b6qMXk4FOcBxKgnaGuEW/snfwPnqOPrmDpK/DLe1cpmZ+dGu4prxg8PL
1HZj2ASEyeR3E1YK0JzWVDINeCXFoNAJeVa7Xf48iFcpqPgVOL3g6DQAVd4PoqoL
QgfA6fhEpine9ADuxtLKKlbulosJSX2v1xlWRBDLeHQ1pmCUBys9xB6v7I+3LfYb
QAz8JPrQMZu6N/3+wTp5aHWOeKD7kERDQOXXkDO59qz4hjB0a9xZsKM+3mPv5lnT
UAfsjjUhDzc0Ya35A/Keawf0roySEGAxQ3L1ceuTBnarWp9v0ZooKA6uAGKXxhhx
agn02J9TzC3bAh88NUlHUXFMslQkJMrFy7edtvzumN2IdFxDHRyN1okj86uLuxiB
D5mAjjRXN6ezESZGayZVJiZTKHwesk+/7tGgvxUcKQiNaHZYAbQuSwI3T4cVjPME
p/MY6MFhcXocE+HeFl43Dr51aXq1axahQcN1GahIjZW139Vjhp6kaQSjV+ofj/oP
XzEWhSC1g5x/h9wM4nexo7Lcy4Mp+qVVL4Xn5lXNWNLyb06aiPhoQEGcrZIr4hnO
dSKQq2JB3GQ=
=a2y4
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close