logo
DATABASE RESOURCES PRICING ABOUT US

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Description

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. The following packages have been upgraded to a later upstream version: qemu-kvm (6.2.0), libvirt (8.0.0), libvirt-python (8.0.0), perl-Sys-Virt (8.0.0), seabios (1.15.0), libtpms (0.9.1). (BZ#1997410, BZ#2012802, BZ#2012806, BZ#2012813, BZ#2018392, BZ#2027716, BZ#2029355) Security Fix(es): * QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu (CVE-2021-3748) * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records (CVE-2021-33285) * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286) * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes (CVE-2021-33287) * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289) * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266) * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections (CVE-2021-35267) * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode (CVE-2021-35268) * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT (CVE-2021-35269) * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251) * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252) * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253) * ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize() (CVE-2021-39254) * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute (CVE-2021-39255) * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256) * ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257) * ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258) * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length (CVE-2021-39259) * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260) * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261) * ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262) * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute (CVE-2021-39263) * libnbd: nbdcopy: missing error handling may create corrupted destination image (CVE-2022-0485) * hivex: stack overflow due to recursive call of _get_children() (CVE-2021-3622) * nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS (CVE-2021-3716) * libvirt: segmentation fault during VM shutdown can lead to vdsm hang (CVE-2021-3975) * QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c (CVE-2021-4145) * QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158) * QEMU: block: fdc: null pointer dereference may lead to guest crash (CVE-2021-20196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.


Affected Package


OS OS Version Package Name Package Version
rocky 8.0 rocky linux Rocky Linux -Rocky Linux

Related