Detections
Analytics
RHEL 7 : Red Hat Virtualization (RHSA-2020:4114)
medium Nessus Plugin ID 141123
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for Red Hat Virtualization.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4114 advisory.ovirt-ansible-repositories is an Ansible role used to set up the repositories required for oVirt engine or host installation.
The openvswitch package contains components for enabling Open vSwitch; a software-based Ethernet virtual switch. It also includes OVN (Open Virtual Network) components for supporting virtual network abstraction.
The Red Hat Virtualization Python SDK is a program that simplifies access to the Red Hat Virtualization API by providing an object-oriented view to developers.
Security Fix(es):
* dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() (CVE-2020-10722)
* dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, during RHHI-V deployment of 3 hosts using ovirt-ansible-hosted-engine-setup, the Self-Hosted Engine was added to the default cluster, but the additional 2 hosts were not added.
In this release, deployment with ovirt-ansible-hosted-engine-setup successfully adds all hosts to the cluster. (BZ#1855283)
* Previously, when creating large numbers of virtual machines (~2300 VMs), the associated Data Centers became unresponsive, and the hosts did not have Storage Pool Managers (SPM).
With this release, large scale deployment of virtual machines succeeds without errors. (BZ#1849558)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL Red Hat Virtualization package based on the guidance in RHSA-2020:4114.See Also
http://www.nessus.org/u?2a3c4c93
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/errata/RHSA-2020:4114
https://bugzilla.redhat.com/show_bug.cgi?id=1828867
https://bugzilla.redhat.com/show_bug.cgi?id=1828874
https://bugzilla.redhat.com/show_bug.cgi?id=1849558
https://bugzilla.redhat.com/show_bug.cgi?id=1849595
Plugin Details
Severity: Medium
ID: 141123
File Name: redhat-RHSA-2020-4114.nasl
Version: 1.10
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/2/2020
Updated: 6/4/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-10723
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Temporal Score: 5.8
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ovn2.11-vtep, p-cpe:/a:redhat:enterprise_linux:python-openvswitch2.11, p-cpe:/a:redhat:enterprise_linux:ovn2.11, p-cpe:/a:redhat:enterprise_linux:ovn2.11-host, p-cpe:/a:redhat:enterprise_linux:openvswitch2.11, p-cpe:/a:redhat:enterprise_linux:openvswitch2.11-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 9/30/2020
Vulnerability Publication Date: 5/19/2020
Reference Information
CVE: CVE-2020-10722, CVE-2020-10723