RHSA-2021:0799: Moderate: OpenShift Virtualization 2.6.0 security and bug fix update
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 2.6.0 images:

RHEL-8-CNV-2.6
==============
kubevirt-cpu-node-labeller-container-v2.6.0-5
kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5
node-maintenance-operator-container-v2.6.0-13
kubevirt-vmware-container-v2.6.0-5
virtio-win-container-v2.6.0-5
kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5
bridge-marker-container-v2.6.0-9
kubevirt-template-validator-container-v2.6.0-9
kubevirt-v2v-conversion-container-v2.6.0-6
kubemacpool-container-v2.6.0-13
kubevirt-ssp-operator-container-v2.6.0-40
hyperconverged-cluster-webhook-container-v2.6.0-73
hyperconverged-cluster-operator-container-v2.6.0-73
ovs-cni-plugin-container-v2.6.0-10
cnv-containernetworking-plugins-container-v2.6.0-10
ovs-cni-marker-container-v2.6.0-10
cluster-network-addons-operator-container-v2.6.0-16
hostpath-provisioner-container-v2.6.0-11
hostpath-provisioner-operator-container-v2.6.0-14
vm-import-virtv2v-container-v2.6.0-21
kubernetes-nmstate-handler-container-v2.6.0-19
vm-import-controller-container-v2.6.0-21
vm-import-operator-container-v2.6.0-21
virt-api-container-v2.6.0-111
virt-controller-container-v2.6.0-111
virt-handler-container-v2.6.0-111
virt-operator-container-v2.6.0-111
virt-launcher-container-v2.6.0-111
cnv-must-gather-container-v2.6.0-54
virt-cdi-importer-container-v2.6.0-24
virt-cdi-cloner-container-v2.6.0-24
virt-cdi-controller-container-v2.6.0-24
virt-cdi-uploadserver-container-v2.6.0-24
virt-cdi-apiserver-container-v2.6.0-24
virt-cdi-uploadproxy-container-v2.6.0-24
virt-cdi-operator-container-v2.6.0-24
hco-bundle-registry-container-v2.6.0-582

Security Fix(es):

* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2021:0799?
The severity of RHSA-2021:0799 is classified as important.
How do I fix RHSA-2021:0799?
To fix RHSA-2021:0799, update your OpenShift Virtualization to the latest available images.
Which OpenShift Virtualization images are affected by RHSA-2021:0799?
RHSA-2021:0799 affects OpenShift Virtualization 2.6.0 images, including RHEL-8-CNV-2.6.
What issues does RHSA-2021:0799 address?
RHSA-2021:0799 addresses multiple bug fixes that improve stability and performance of OpenShift Virtualization.
When was RHSA-2021:0799 released?
RHSA-2021:0799 was released on March 30, 2021.