RHSA-2022:1263: Important: RHV-H security update (redhat-virtualization-host) 4.3.22

The redhat-virtualization-host packages provide the Red Hat Virtualization Host.These packages include redhat-release-virtualization-host. Red HatVirtualization Hosts (RHVH) are installed using a special build of Red HatEnterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.Security Fix(es): kernel: Use After Free in unixgc() which could result in a local privilege escalation (CVE-2021-0920) kernel: use-after-free in RDMA listen() (CVE-2021-4028) kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) kernel: xfs: raw block device data leak in XFSIOCALLOCSP IOCTL (CVE-2021-4155) aide: heap-based buffer overflow on outputs larger than B64BUF (CVE-2021-45417) kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330) openssl: Infinite loop in BNmodsqrt() reachable when parsing certificates (CVE-2022-0778) kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407) expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) expat: Integer overflow in storeRawNames() (CVE-2022-25315) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es): RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)