(RHSA-2022:8750) Moderate: OpenShift Virtualization 4.11.1 security and bug fix update

OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.

Security Fix(es):

• golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

• golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

• golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)

• golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

• golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)

• Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)

• Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)

• [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)

• Fedora version in DataImportCrons is not ‘latest’ (BZ#2102694)

• [4.11] Cloned VM’s snapshot restore fails if the source VM disk is deleted (BZ#2109407)

• CNV introduces a compliance check fail in “ocp4-moderate” profile - routes-protected-by-tls (BZ#2110562)

• Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)

• Unable to start windows VMs on PSI setups (BZ#2115371)

• [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)

• Mark Windows 11 as TechPreview (BZ#2129013)

• 4.11.1 rpms (BZ#2139453)

This advisory contains the following OpenShift Virtualization 4.11.1 images.

RHEL-8-CNV-4.11

virt-cdi-operator-container-v4.11.1-5
virt-cdi-uploadserver-container-v4.11.1-5
virt-cdi-apiserver-container-v4.11.1-5
virt-cdi-importer-container-v4.11.1-5
virt-cdi-controller-container-v4.11.1-5
virt-cdi-cloner-container-v4.11.1-5
virt-cdi-uploadproxy-container-v4.11.1-5
checkup-framework-container-v4.11.1-3
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7
kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7
kubevirt-template-validator-container-v4.11.1-4
virt-handler-container-v4.11.1-5
hostpath-provisioner-operator-container-v4.11.1-4
virt-api-container-v4.11.1-5
vm-network-latency-checkup-container-v4.11.1-3
cluster-network-addons-operator-container-v4.11.1-5
virtio-win-container-v4.11.1-4
virt-launcher-container-v4.11.1-5
ovs-cni-marker-container-v4.11.1-5
hyperconverged-cluster-webhook-container-v4.11.1-7
virt-controller-container-v4.11.1-5
virt-artifacts-server-container-v4.11.1-5
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7
libguestfs-tools-container-v4.11.1-5
hostpath-provisioner-container-v4.11.1-4
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7
kubevirt-tekton-tasks-copy-template-container-v4.11.1-7
cnv-containernetworking-plugins-container-v4.11.1-5
bridge-marker-container-v4.11.1-5
virt-operator-container-v4.11.1-5
hostpath-csi-driver-container-v4.11.1-4
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7
kubemacpool-container-v4.11.1-5
hyperconverged-cluster-operator-container-v4.11.1-7
kubevirt-ssp-operator-container-v4.11.1-4
ovs-cni-plugin-container-v4.11.1-5
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7
kubevirt-tekton-tasks-operator-container-v4.11.1-2
cnv-must-gather-container-v4.11.1-8
kubevirt-console-plugin-container-v4.11.1-9
hco-bundle-registry-container-v4.11.1-49