-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 2.6.6 Images security and bug fix update
Advisory ID:       RHSA-2021:3119-01
Product:           cnv
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3119
Issue date:        2021-08-10
CVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 
                   CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 
                   CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 
                   CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 
                   CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 
                   CVE-2019-25041 CVE-2019-25042 CVE-2020-8231 
                   CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 
                   CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 
                   CVE-2020-9983 CVE-2020-12362 CVE-2020-12363 
                   CVE-2020-12364 CVE-2020-13434 CVE-2020-13543 
                   CVE-2020-13584 CVE-2020-14344 CVE-2020-14345 
                   CVE-2020-14346 CVE-2020-14347 CVE-2020-14360 
                   CVE-2020-14361 CVE-2020-14362 CVE-2020-14363 
                   CVE-2020-15358 CVE-2020-25659 CVE-2020-25712 
                   CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 
                   CVE-2020-27619 CVE-2020-28196 CVE-2020-28935 
                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 
                   CVE-2020-36242 CVE-2021-3114 CVE-2021-3177 
                   CVE-2021-3326 CVE-2021-3516 CVE-2021-3517 
                   CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 
                   CVE-2021-3541 CVE-2021-3560 CVE-2021-20201 
                   CVE-2021-20271 CVE-2021-23239 CVE-2021-23240 
                   CVE-2021-23336 CVE-2021-25215 CVE-2021-25217 
                   CVE-2021-27219 CVE-2021-28211 CVE-2021-32399 
                   CVE-2021-33909 CVE-2021-33910 
=====================================================================

1. Summary:

Red Hat OpenShift Virtualization release 2.6.6 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization
<version_number> images:

RHEL-8-CNV-2.6

hostpath-provisioner-container-v2.6.6-3
vm-import-controller-container-v2.6.6-5
vm-import-virtv2v-container-v2.6.6-5
vm-import-operator-container-v2.6.6-5
virt-cdi-apiserver-container-v2.6.6-4
virt-cdi-controller-container-v2.6.6-4
virt-cdi-cloner-container-v2.6.6-4
virt-cdi-importer-container-v2.6.6-4
virt-cdi-uploadserver-container-v2.6.6-4
virt-cdi-uploadproxy-container-v2.6.6-4
virt-cdi-operator-container-v2.6.6-4
ovs-cni-marker-container-v2.6.6-5
kubevirt-ssp-operator-container-v2.6.6-5
kubemacpool-container-v2.6.6-7
kubevirt-vmware-container-v2.6.6-4
kubevirt-kvm-info-nfd-plugin-container-v2.6.6-4
kubevirt-cpu-model-nfd-plugin-container-v2.6.6-4
kubevirt-cpu-node-labeller-container-v2.6.6-4
virtio-win-container-v2.6.6-4
kubevirt-template-validator-container-v2.6.6-4
cnv-containernetworking-plugins-container-v2.6.6-4
node-maintenance-operator-container-v2.6.6-4
kubevirt-v2v-conversion-container-v2.6.6-4
cluster-network-addons-operator-container-v2.6.6-4
ovs-cni-plugin-container-v2.6.6-4
bridge-marker-container-v2.6.6-4
kubernetes-nmstate-handler-container-v2.6.6-7
hyperconverged-cluster-webhook-container-v2.6.6-4
cnv-must-gather-container-v2.6.6-16
hyperconverged-cluster-operator-container-v2.6.6-4
virt-launcher-container-v2.6.6-7
hostpath-provisioner-operator-container-v2.6.6-5
virt-api-container-v2.6.6-7
virt-handler-container-v2.6.6-7
virt-controller-container-v2.6.6-7
virt-operator-container-v2.6.6-7
hco-bundle-registry-container-v2.6.6-70

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1945703 - "Guest OS Info" availability in VMI describe is flaky
1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster
1963275 - migration controller null pointer dereference
1965099 - Live Migration double handoff to virt-handler causes connection failures
1965181 - CDI importer doesn't report AwaitingVDDK like it used to
1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod
1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs
1969756 - Windows VMs fail to start on air-gapped environments
1970372 - Virt-handler fails to verify container-disk
1973227 - segfault in virt-controller during pdb deletion
1974084 - 2.6.6 containers
1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]
1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration
1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner
1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i...
1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8

5. References:

https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13012
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2019-25032
https://access.redhat.com/security/cve/CVE-2019-25034
https://access.redhat.com/security/cve/CVE-2019-25035
https://access.redhat.com/security/cve/CVE-2019-25036
https://access.redhat.com/security/cve/CVE-2019-25037
https://access.redhat.com/security/cve/CVE-2019-25038
https://access.redhat.com/security/cve/CVE-2019-25039
https://access.redhat.com/security/cve/CVE-2019-25040
https://access.redhat.com/security/cve/CVE-2019-25041
https://access.redhat.com/security/cve/CVE-2019-25042
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9948
https://access.redhat.com/security/cve/CVE-2020-9951
https://access.redhat.com/security/cve/CVE-2020-9983
https://access.redhat.com/security/cve/CVE-2020-12362
https://access.redhat.com/security/cve/CVE-2020-12363
https://access.redhat.com/security/cve/CVE-2020-12364
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13543
https://access.redhat.com/security/cve/CVE-2020-13584
https://access.redhat.com/security/cve/CVE-2020-14344
https://access.redhat.com/security/cve/CVE-2020-14345
https://access.redhat.com/security/cve/CVE-2020-14346
https://access.redhat.com/security/cve/CVE-2020-14347
https://access.redhat.com/security/cve/CVE-2020-14360
https://access.redhat.com/security/cve/CVE-2020-14361
https://access.redhat.com/security/cve/CVE-2020-14362
https://access.redhat.com/security/cve/CVE-2020-14363
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-25659
https://access.redhat.com/security/cve/CVE-2020-25712
https://access.redhat.com/security/cve/CVE-2020-26116
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-28935
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2020-36242
https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3177
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3520
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2021-3560
https://access.redhat.com/security/cve/CVE-2021-20201
https://access.redhat.com/security/cve/CVE-2021-20271
https://access.redhat.com/security/cve/CVE-2021-23239
https://access.redhat.com/security/cve/CVE-2021-23240
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/cve/CVE-2021-25217
https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/cve/CVE-2021-28211
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/cve/CVE-2021-33910
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYRK59dzjgjWX9erEAQiugA/+OZOUaiDDgSrQ0tfhvtCKyogolJh11HpY
TLKj0wK5+V3fC4Dgmv9QN7j9zacor2twCFXoTd5zrdxwWzYYselH/tMchWMcTzm4
AZuPA1m+CnhqiHwTFWt9zrA8Xx/CgyYViFWECzPyyvLFUNElDsfvZqt3Dg0Lq3R1
LqVHYoLsg4+8MYFJYI8KpzQ65TbH3hm/Nv6x+coYGdpLZ6K3eAXuoNUQeVqvmluJ
+AakkgXeuw90g/ycJc2ofzPVQDpKtMC7TSvsE7SWBNjoOqZlCIALsYVWo+wRifvP
QW+wbDtg4/94bAQiOSEetVzZJyb8xZxINoI1p3wtDi3N85vFvc4Nl/MCS2ogbPvd
OAg17kpdepaDBpi5DkkFzyHUTPuuokDN2pHP+BAeQWQWv317jrBPvcY9CvUdIaJJ
DGvRGEDiSy6eYykpPYcwClX2S/q1numsJKVF1W3M9yj1ouzhVnuecY/EBpCTArhk
7//FKFBW8KIBLau/Zbdw2a/+ahg+XA9NvwBr7HVxaVvq5V3czUTMt6iHyTQV9X1V
V5dps8D/ADzPcp/rzLsZaJ9m7AD2y5I/YSy5Qq/8ISbqlwIo6eVCdPxK34m9CQVp
8bHQAXRLDO3vcm2qqXpq74T63eSJ/uVoUJxI7bMUItK23hK8gRVpD4V2c8d+WEX4
jmqgR5m3MoQ=
=LOMD
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce