(RHSA-2021:1189) Important: Red Hat Virtualization security, bug fix, and enhancement update

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

Changes to the redhat-release-virtualization-host component:

• Previously, the redhat-support-tool was missing from the RHV-H 4.4 package.
  In this release, the redhat-support-tool has been added. (BZ#1928607)

Security Fix(es):

• openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)

• openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.