RHSA-2021:4103: Moderate: OpenShift Virtualization 4.9.0 RPMs security and bug fix update
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.0 RPMs.Security Fix(es): golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:4103?
The severity of RHSA-2021:4103 is classified as moderate.
How do I fix RHSA-2021:4103?
To fix RHSA-2021:4103, update to the patched versions of the affected packages, specifically kubevirt and kubevirt-virtctl version 4.9.0-287.el8 or el7.
Which packages are affected by RHSA-2021:4103?
The affected packages include kubevirt, kubevirt-virtctl, and kubevirt-virtctl-redistributable for both el7 and el8.
What are the potential risks associated with RHSA-2021:4103?
The risks include possible data races in net/http servers that could lead to unpredictable behavior.
Is RHSA-2021:4103 related to OpenShift Virtualization?
Yes, RHSA-2021:4103 pertains to security vulnerabilities in OpenShift Virtualization version 4.9.0.