Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0408 RHV-H security, bug fix, enhancement update (redhat-virtuali zation-host) 4.3.13 5 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Red Hat Virtualization Publisher: Red Hat Operating System: Red Hat Impact/Access: Root Compromise -- Existing Account Provide Misleading Information -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-3156 CVE-2020-25686 CVE-2020-25685 CVE-2020-25684 Reference: ASB-2021.0036 ESB-2021.0407 ESB-2021.0402 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:0395 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13 Advisory ID: RHSA-2021:0395-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0395 Issue date: 2021-02-03 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2021-3156 ===================================================================== 1. Summary: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * When performing an upgrade of the Red Hat Virtualization Host using the command `yum update`, the yum repository for RHV 4.3 EUS is unreachable As a workaround, run the following command: `# yum update --releasever=7Server` (BZ#1899378) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1899378 - rhel-7-server-rhvh-4.3-eus-rpms repo is unavailable 1916111 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #3 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6. Package List: Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts: Source: vdsm-4.30.51-1.el7ev.src.rpm noarch: vdsm-api-4.30.51-1.el7ev.noarch.rpm vdsm-client-4.30.51-1.el7ev.noarch.rpm vdsm-common-4.30.51-1.el7ev.noarch.rpm vdsm-hook-cpuflags-4.30.51-1.el7ev.noarch.rpm vdsm-hook-ethtool-options-4.30.51-1.el7ev.noarch.rpm vdsm-hook-fcoe-4.30.51-1.el7ev.noarch.rpm vdsm-hook-localdisk-4.30.51-1.el7ev.noarch.rpm vdsm-hook-macspoof-4.30.51-1.el7ev.noarch.rpm vdsm-hook-nestedvt-4.30.51-1.el7ev.noarch.rpm vdsm-hook-openstacknet-4.30.51-1.el7ev.noarch.rpm vdsm-hook-vhostmd-4.30.51-1.el7ev.noarch.rpm vdsm-hook-vmfex-dev-4.30.51-1.el7ev.noarch.rpm vdsm-http-4.30.51-1.el7ev.noarch.rpm vdsm-jsonrpc-4.30.51-1.el7ev.noarch.rpm vdsm-python-4.30.51-1.el7ev.noarch.rpm vdsm-yajsonrpc-4.30.51-1.el7ev.noarch.rpm ppc64le: vdsm-4.30.51-1.el7ev.ppc64le.rpm vdsm-gluster-4.30.51-1.el7ev.ppc64le.rpm vdsm-hook-checkips-4.30.51-1.el7ev.ppc64le.rpm vdsm-hook-extra-ipv4-addrs-4.30.51-1.el7ev.ppc64le.rpm vdsm-network-4.30.51-1.el7ev.ppc64le.rpm x86_64: vdsm-4.30.51-1.el7ev.x86_64.rpm vdsm-gluster-4.30.51-1.el7ev.x86_64.rpm vdsm-hook-checkips-4.30.51-1.el7ev.x86_64.rpm vdsm-hook-extra-ipv4-addrs-4.30.51-1.el7ev.x86_64.rpm vdsm-network-4.30.51-1.el7ev.x86_64.rpm Red Hat Virtualization 4 Hypervisor for RHEL 7: Source: redhat-virtualization-host-4.3.13-20210127.0.el7_9.src.rpm noarch: redhat-virtualization-host-image-update-4.3.13-20210127.0.el7_9.noarch.rpm RHEL 7-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.3.13-2.el7ev.src.rpm redhat-virtualization-host-4.3.13-20210127.0.el7_9.src.rpm noarch: redhat-virtualization-host-image-update-4.3.13-20210127.0.el7_9.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.13-2.el7ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.3.13-2.el7ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBp9VtzjgjWX9erEAQhMgQ//YPr8PxceadOzaQlV8+U/ZrWBQkmGVhqb pqOvhvw3Z5MzaVE+ZlSAQvZTUDq51Zf6EinUB+DWkUEGwQ6GeyUjaeuPU+KzP9Uk V6iu3Y5NOwaxQxQbkLWDuCgCpoPQaNqDWtICQoYkGom/YsnsZDWbQbATa6NFGPMS eeOeIV+5DK5jt7BGMHSnDHhJMmKTCPJtrwOnGVd9yeY/02qNWiCa8FzP2obhKzu0 IRO4tia9UUoLLAUwSpz7OxZQ9+6i99olj80CuLIyUFawBKjzhBF5+WtWQ556cdKY 3Ar9dAUmcmqI1wSeJhstR278bADoOkSmJzIaT1H0O2fORuWlfwF9iWtFAqCgLiNC YuiIFA0Cq3JwuPoA3f+VT4njd+x1ZA15+BuhJuYORqiiU8t9QqwGfabzzMWtkI4P sCdrZIQ2nYy2dVPoZhSOwkJmvVnl8tUSUrduC9LOor5UmN9aImVzjLwhAgBglYY7 8Lepql0tD2Bw4stbg/H96avG2/IntoECQJRByrX44L7TYcgAe/EPNb+fMDD/cm/D SWBYEK4Od85RcsN+ji4kqiI7JrqM+CS6XAcUVuOzs0TyFItx7ifqML/6AEPXKiRK oqarbqzGrXm9rBvt4apdew2YAHKgrhPk6bvYaJe4tyJ8ewarZ+wovUX8CZMNMOhF 9Tuylc+nj2c= =kH7O - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYByYi+NLKJtyKPYoAQgmxQ/6A5F6JHUCaWjDmSElaSJ+bk07bscTTr9n NVzLfRisrtrIaBSJvLlGnvy9UuuuDHeq3ulMQJrEaKdRr0yqkcKH/lHfUckwuUHY 688f6UVMMIkNthekp048QchaGMVYjVKntaUhH9Tsf/QTlOCyIanY+1cX94joq8h3 6MTxogPUI7Iwuktam+DeZWJFGcCeQxbIjswopAKx/1vcHVO2ZNP2OKLQQ6e64q8s gD/P8QJuXy9nl7HWMsmCzd0rRNQXoeOd0ZvIZIXaZeG92jA97c/Hdz2a6pIlVtIK lgTdmfEJCW1K72Ddqifc+jRL/iyFtSl+ZbGZw8WAJAwnPRhLdtFjeZHU1rmbCVb9 KPkUPGJPJuM8vmkRUjyw7EzM6oxuaAvNKhFQvuYAPsoJSsOSM2WLDnC62NkeyGLK mfCyE4pHeEh2v5+LqBeqmlxg/EW9gzdLEnfo2sSNBREYJw0v5cPHpkKVDM7/6mhN hiktiDoUlRcplJzcCj4FKh/7+j5F+mknYUkCgbgMsUJ7856DlDzKD/eJfoTsQtrd Y/t5QVf0YnooeH5FFyBFIGFDtAHg0GMNW2lJvqsEgj709vbsZjTmQLiH/z64GqFM PgcXQSDAYC9/8SrOg/+ZsLgqVOas7r5vKtRC6/U/BwHZEVf5Smf8CjXe8Iva203E VoajLws7RlM= =UvDP -----END PGP SIGNATURE-----