RedHatRHSA-2021:0187(RHSA-2021:0187) Moderate: OpenShift Virtualization 2.5.3 security and bug fix update
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.0%
OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 2.5.3 images:
RHEL-7-CNV-2.5
kubevirt-ssp-operator-container-v2.5.3-2
RHEL-8-CNV-2.5
virtio-win-container-v2.5.3-4
hostpath-provisioner-container-v2.5.3-3
kubevirt-kvm-info-nfd-plugin-container-v2.5.3-2
kubevirt-template-validator-container-v2.5.3-4
kubevirt-cpu-model-nfd-plugin-container-v2.5.3-1
kubevirt-metrics-collector-container-v2.5.3-3
cnv-containernetworking-plugins-container-v2.5.3-2
kubemacpool-container-v2.5.3-2
hostpath-provisioner-operator-container-v2.5.3-3
kubevirt-cpu-node-labeller-container-v2.5.3-3
node-maintenance-operator-container-v2.5.3-2
ovs-cni-marker-container-v2.5.3-2
kubernetes-nmstate-handler-container-v2.5.3-2
cluster-network-addons-operator-container-v2.5.3-3
ovs-cni-plugin-container-v2.5.3-2
bridge-marker-container-v2.5.3-2
kubevirt-v2v-conversion-container-v2.5.3-2
hyperconverged-cluster-operator-container-v2.5.3-3
kubevirt-vmware-container-v2.5.3-2
cnv-must-gather-container-v2.5.3-2
virt-api-container-v2.5.3-2
virt-handler-container-v2.5.3-2
virt-controller-container-v2.5.3-2
virt-launcher-container-v2.5.3-2
virt-operator-container-v2.5.3-2
virt-cdi-cloner-container-v2.5.3-4
virt-cdi-importer-container-v2.5.3-4
virt-cdi-controller-container-v2.5.3-4
virt-cdi-apiserver-container-v2.5.3-4
virt-cdi-operator-container-v2.5.3-4
virt-cdi-uploadserver-container-v2.5.3-4
virt-cdi-uploadproxy-container-v2.5.3-4
vm-import-operator-container-v2.5.3-4
vm-import-controller-container-v2.5.3-4
vm-import-virtv2v-container-v2.5.3-4
hco-bundle-registry-container-v2.5.3-80
Security Fix(es):
- golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Container-native Virtualization 2.5.3 Images (BZ#1902961)
Related
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.0%