—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update
\nAdvisory ID: RHSA-2022:8750-01
\nProduct: cnv
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8750
\nIssue date: 2022-12-01
\nCVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256
\nCVE-2020-35525 CVE-2020-35527 CVE-2021-0308
\nCVE-2021-38561 CVE-2022-0391 CVE-2022-0934
\nCVE-2022-1292 CVE-2022-1304 CVE-2022-1586
\nCVE-2022-1785 CVE-2022-1897 CVE-2022-1927
\nCVE-2022-2068 CVE-2022-2097 CVE-2022-2509
\nCVE-2022-3515 CVE-2022-22624 CVE-2022-22628
\nCVE-2022-22629 CVE-2022-22662 CVE-2022-24675
\nCVE-2022-24795 CVE-2022-24921 CVE-2022-25308
\nCVE-2022-25309 CVE-2022-25310 CVE-2022-26700
\nCVE-2022-26709 CVE-2022-26710 CVE-2022-26716
\nCVE-2022-26717 CVE-2022-26719 CVE-2022-27404
\nCVE-2022-27405 CVE-2022-27406 CVE-2022-28327
\nCVE-2022-29154 CVE-2022-30293 CVE-2022-30629
\nCVE-2022-30698 CVE-2022-30699 CVE-2022-32206
\nCVE-2022-32208 CVE-2022-34903 CVE-2022-37434
\nCVE-2022-38177 CVE-2022-38178 CVE-2022-40674
\n====================================================================
\n1. Summary:<\/p>\n
Red Hat OpenShift Virtualization release 4.11.1 is now available with
\nupdates to packages and images that fix several bugs and add enhancements.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n
2. Description:<\/p>\n
OpenShift Virtualization is Red Hat’s virtualization solution designed for
\nRed Hat OpenShift Container Platform.<\/p>\n
Security Fix(es):<\/p>\n
* golang: out-of-bounds read in golang.org\/x\/text\/language leads to DoS
\n(CVE-2021-38561)<\/p>\n
* golang: encoding\/pem: fix stack overflow in Decode (CVE-2022-24675)<\/p>\n
* golang: regexp: stack exhaustion via a deeply nested expression
\n(CVE-2022-24921)<\/p>\n
* golang: crypto\/elliptic: panic caused by oversized scalar
\n(CVE-2022-28327)<\/p>\n
* golang: crypto\/tls: session tickets lack random ticket_age_add
\n(CVE-2022-30629)<\/p>\n
For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n
Bug Fix(es):<\/p>\n
* Cloning a Block DV to VM with Filesystem with not big enough size comes
\nto endless loop – using pvc api (BZ#2033191)<\/p>\n
* Restart of VM Pod causes SSH keys to be regenerated within VM
\n(BZ#2087177)<\/p>\n
* Import gzipped raw file causes image to be downloaded and uncompressed to
\nTMPDIR (BZ#2089391)<\/p>\n
* [4.11] VM Snapshot Restore hangs indefinitely when backed by a
\nsnapshotclass (BZ#2098225)<\/p>\n
* Fedora version in DataImportCrons is not ‘latest’ (BZ#2102694)<\/p>\n
* [4.11] Cloned VM’s snapshot restore fails if the source VM disk is
\ndeleted (BZ#2109407)<\/p>\n
* CNV introduces a compliance check fail in “ocp4-moderate” profile –
\nroutes-protected-by-tls (BZ#2110562)<\/p>\n
* Nightly build: v4.11.0-578: index format was changed in 4.11 to
\nfile-based instead of sqlite-based (BZ#2112643)<\/p>\n
* Unable to start windows VMs on PSI setups (BZ#2115371)<\/p>\n
* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity
\nrestricted:v1.24 (BZ#2128997)<\/p>\n
* Mark Windows 11 as TechPreview (BZ#2129013)<\/p>\n
* 4.11.1 rpms (BZ#2139453)<\/p>\n
This advisory contains the following OpenShift Virtualization 4.11.1
\nimages.<\/p>\n
RHEL-8-CNV-4.11<\/p>\n
virt-cdi-operator-container-v4.11.1-5
\nvirt-cdi-uploadserver-container-v4.11.1-5
\nvirt-cdi-apiserver-container-v4.11.1-5
\nvirt-cdi-importer-container-v4.11.1-5
\nvirt-cdi-controller-container-v4.11.1-5
\nvirt-cdi-cloner-container-v4.11.1-5
\nvirt-cdi-uploadproxy-container-v4.11.1-5
\ncheckup-framework-container-v4.11.1-3
\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7
\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7
\nkubevirt-template-validator-container-v4.11.1-4
\nvirt-handler-container-v4.11.1-5
\nhostpath-provisioner-operator-container-v4.11.1-4
\nvirt-api-container-v4.11.1-5
\nvm-network-latency-checkup-container-v4.11.1-3
\ncluster-network-addons-operator-container-v4.11.1-5
\nvirtio-win-container-v4.11.1-4
\nvirt-launcher-container-v4.11.1-5
\novs-cni-marker-container-v4.11.1-5
\nhyperconverged-cluster-webhook-container-v4.11.1-7
\nvirt-controller-container-v4.11.1-5
\nvirt-artifacts-server-container-v4.11.1-5
\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7
\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7
\nlibguestfs-tools-container-v4.11.1-5
\nhostpath-provisioner-container-v4.11.1-4
\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7
\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7
\ncnv-containernetworking-plugins-container-v4.11.1-5
\nbridge-marker-container-v4.11.1-5
\nvirt-operator-container-v4.11.1-5
\nhostpath-csi-driver-container-v4.11.1-4
\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7
\nkubemacpool-container-v4.11.1-5
\nhyperconverged-cluster-operator-container-v4.11.1-7
\nkubevirt-ssp-operator-container-v4.11.1-4
\novs-cni-plugin-container-v4.11.1-5
\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7
\nkubevirt-tekton-tasks-operator-container-v4.11.1-2
\ncnv-must-gather-container-v4.11.1-8
\nkubevirt-console-plugin-container-v4.11.1-9
\nhco-bundle-registry-container-v4.11.1-49<\/p>\n
3. Solution:<\/p>\n
Before applying this update, make sure all previously released errata
\nrelevant to your system have been applied.<\/p>\n
For details on how to apply this update, refer to:<\/p>\n
https:\/\/access.redhat.com\/articles\/11258<\/p>\n
4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
2033191 – Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop – using pvc api
\n2064857 – CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
\n2070772 – When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML
\n2077688 – CVE-2022-24675 golang: encoding\/pem: fix stack overflow in Decode
\n2077689 – CVE-2022-28327 golang: crypto\/elliptic: panic caused by oversized scalar
\n2087177 – Restart of VM Pod causes SSH keys to be regenerated within VM
\n2089391 – Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
\n2091856 – ?Edit BootSource? action should have more explicit information when disabled
\n2092793 – CVE-2022-30629 golang: crypto\/tls: session tickets lack random ticket_age_add
\n2098225 – [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
\n2100495 – CVE-2021-38561 golang: out-of-bounds read in golang.org\/x\/text\/language leads to DoS
\n2102694 – Fedora version in DataImportCrons is not ‘latest’
\n2109407 – [4.11] Cloned VM’s snapshot restore fails if the source VM disk is deleted
\n2110562 – CNV introduces a compliance check fail in “ocp4-moderate” profile – routes-protected-by-tls
\n2112643 – Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based
\n2115371 – Unable to start windows VMs on PSI setups
\n2119613 – GiB changes to B in Template’s Edit boot source reference modal
\n2128554 – The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
\n2128872 – [4.11]Can’t restore cloned VM
\n2128997 – [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
\n2129013 – Mark Windows 11 as TechPreview
\n2129235 – [RFE] Add “Copy SSH command” to VM action list
\n2134668 – Cannot edit ssh even vm is stopped
\n2139453 – 4.11.1 rpms<\/p>\n
5. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2015-20107
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2016-3709
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-0256
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-35525
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-35527
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-0308
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-38561
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0391
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-0934
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1292
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1304
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1586
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1785
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1897
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1927
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-2068
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-2097
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-2509
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-3515
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-22624
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-22628
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-22629
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-22662
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24675
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24795
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-24921
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-25308
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-25309
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-25310
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26700
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26709
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26710
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26716
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26717
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26719
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27404
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27405
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27406
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-28327
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-29154
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30293
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30629
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30698
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30699
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-32206
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-32208
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-34903
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-37434
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-38177
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-38178
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-40674
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate<\/p>\n
6. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBY4lNCdzjgjWX9erEAQhXxhAAjaag4e7jIpQLpc0kJhc\/hn59M4UIxn8v
\na1L+lD58IrBfY3KAtSAK0t3ei92Lyf8LCJqm027yGlIskeCV91vkO9ZpJhPfRasU
\nu1a8Uhd\/5F6caB0xUPX26vyCyksalw17CNmLWh5wd2izhkOGctkgVD7LhsVzXbFh
\ntIomeVp\/hVwW9ILX03ijss27E6m2ZUczgWmuNpviqW8WRFMUw3ZM+1MxnSDHxURe
\nH28dsj2l7nrshdBGrZeuj2HBoA0\/x3Vsc2jiXfP8nt7LcQ\/pb1DN4MYo6lAAEVkC
\nO2LlzTAzw\/3MAGofaRinyHZD2aoqicPqooUIQglBbF6cvYAUrMtxRCwKcZOckE3d
\nF2exKjihBY3JeLlsjpWXBe0yAhdwse7j0oovNL2uQH1imUr7Y1pXVlJqeDzHkzME
\nMIRKzuuTGJe1D9Av4S8R+W5eT7iXBAH7x9Lia1NFxeflemVQbyr8ayEMLcmiDuyj
\nxMKYFFpW9GmplZlCnDaG5lxKu8ZbOkRzanaLeLn+G5j1+1w9Y9wGtlXJIHV6gmfC
\nWk33MBCpqCGg1Wz+SlXJCtksnYmvKdzn79b2HInvPJtndDQ\/VidcN2MuJfkYe688
\n2m3FYMI0ehPummvv3iGXLz5ku6gD6y0qNhNWC6HM+hLNnPvvukXXcFgCyonJuv0I
\nAqwDoKa8myM=pIHc
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update Advisory ID: RHSA-2022:8750-01 Product: cnv Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8750 Issue date: 2022-12-01 CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-22624 CVE-2022-22628 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-34336","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=34336"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34336\/revisions"}],"predecessor-version":[{"id":34367,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34336\/revisions\/34367"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=34336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=34336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=34336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}