(RHSA-2019:2924) Important: redhat-virtualization-host security update


The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1751435) Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected Package

OS OS Version Package Name Package Version
RedHat 7 redhat-release-virtualization-host 4.2-14.1.el7
RedHat 7 redhat-virtualization-host 4.2-20190919.0.el7_6
RedHat 7 redhat-virtualization-host-image-update-placeholder 4.2-14.1.el7
RedHat 7 redhat-release-virtualization-host-content 4.2-14.1.el7
RedHat 7 redhat-virtualization-host-image-update 4.2-20190919.0.el7_6
RedHat 7 redhat-release-virtualization-host 4.2-14.1.el7