CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.8%
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.
Security Fix(es):
spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
glusterfs: Multiple flaws (CVE-2018-10904, CVE-2018-10907, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661, CVE-2018-10913)
samba: Insufficient input validation in libsmbclient (CVE-2018-10858)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting CVE-2018-10904, CVE-2018-10907, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661, and CVE-2018-10913. The CVE-2018-10873 issue was discovered by Frediano Ziglio (Red Hat).
Bug Fix(es):
If the RHVH upgrade finishes successfully, the hypervisor boots successfully, even if garbage collection fails. (BZ#1632058)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | redhat-release-virtualization-host | < 4.2-7.3.el7 | redhat-release-virtualization-host-4.2-7.3.el7.x86_64.rpm |
RedHat | 7 | noarch | redhat-virtualization-host-image-update-placeholder | < 4.2-7.3.el7 | redhat-virtualization-host-image-update-placeholder-4.2-7.3.el7.noarch.rpm |
RedHat | 7 | noarch | python-imgbased | < 1.0.29-1.el7ev | python-imgbased-1.0.29-1.el7ev.noarch.rpm |
RedHat | 7 | noarch | imgbased | < 1.0.29-1.el7ev | imgbased-1.0.29-1.el7ev.noarch.rpm |
RedHat | 7 | noarch | redhat-virtualization-host-image-update | < 4.2-20181026.0.el7_6 | redhat-virtualization-host-image-update-4.2-20181026.0.el7_6.noarch.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.8%