(RHSA-2019:2889) Important: redhat-virtualization-host security update


The redhat-virtualization-host packages provide the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1751436, BZ#1754063) Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected Package

OS OS Version Package Name Package Version
RedHat 7 redhat-virtualization-host 4.3.5-20190920.0.el7_7
RedHat 7 redhat-release-virtualization-host 4.3.5-4.el7ev
RedHat 7 redhat-release-virtualization-host 4.3.5-4.el7ev
RedHat 7 redhat-virtualization-host-image-update 4.3.5-20190920.0.el7_7
RedHat 7 redhat-virtualization-host-image-update-placeholder 4.3.5-4.el7ev