ID

VAR-202102-1093

CVE

CVE-2021-27219

TITLE

GNOME Glib Security hole

DESCRIPTION

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. 8) - noarch 3. The following packages have been upgraded to a later upstream version: mingw-glib2 (2.66.7). Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GLib: Multiple vulnerabilities Date: July 07, 2021 Bugs: #768753, #775632 ID: 202107-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in GLib, the worst of which could result in the arbitrary execution of code. Background ========== GLib is a library providing a number of GNOME's core objects and functions. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/glib < 2.66.8 >= 2.66.8 Description =========== Multiple vulnerabilities have been discovered in GLib. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GLib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.66.8" References ========== [ 1 ] CVE-2021-27218 https://nvd.nist.gov/vuln/detail/CVE-2021-27218 [ 2 ] CVE-2021-27219 https://nvd.nist.gov/vuln/detail/CVE-2021-27219 [ 3 ] CVE-2021-28153 https://nvd.nist.gov/vuln/detail/CVE-2021-28153 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8.2) - aarch64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: glib2 security update Advisory ID: RHSA-2021:2175-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2175 Issue date: 2021-06-01 CVE Names: CVE-2021-27219 ==================================================================== 1. Summary: An update for glib2 is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 3. Description: GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: glib2-2.56.1-6.el7_7.src.rpm x86_64: glib2-2.56.1-6.el7_7.i686.rpm glib2-2.56.1-6.el7_7.x86_64.rpm glib2-debuginfo-2.56.1-6.el7_7.i686.rpm glib2-debuginfo-2.56.1-6.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): noarch: glib2-doc-2.56.1-6.el7_7.noarch.rpm x86_64: glib2-debuginfo-2.56.1-6.el7_7.i686.rpm glib2-debuginfo-2.56.1-6.el7_7.x86_64.rpm glib2-devel-2.56.1-6.el7_7.i686.rpm glib2-devel-2.56.1-6.el7_7.x86_64.rpm glib2-fam-2.56.1-6.el7_7.x86_64.rpm glib2-static-2.56.1-6.el7_7.i686.rpm glib2-static-2.56.1-6.el7_7.x86_64.rpm glib2-tests-2.56.1-6.el7_7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: glib2-2.56.1-6.el7_7.src.rpm ppc64: glib2-2.56.1-6.el7_7.ppc.rpm glib2-2.56.1-6.el7_7.ppc64.rpm glib2-debuginfo-2.56.1-6.el7_7.ppc.rpm glib2-debuginfo-2.56.1-6.el7_7.ppc64.rpm glib2-devel-2.56.1-6.el7_7.ppc.rpm glib2-devel-2.56.1-6.el7_7.ppc64.rpm ppc64le: glib2-2.56.1-6.el7_7.ppc64le.rpm glib2-debuginfo-2.56.1-6.el7_7.ppc64le.rpm glib2-devel-2.56.1-6.el7_7.ppc64le.rpm s390x: glib2-2.56.1-6.el7_7.s390.rpm glib2-2.56.1-6.el7_7.s390x.rpm glib2-debuginfo-2.56.1-6.el7_7.s390.rpm glib2-debuginfo-2.56.1-6.el7_7.s390x.rpm glib2-devel-2.56.1-6.el7_7.s390.rpm glib2-devel-2.56.1-6.el7_7.s390x.rpm x86_64: glib2-2.56.1-6.el7_7.i686.rpm glib2-2.56.1-6.el7_7.x86_64.rpm glib2-debuginfo-2.56.1-6.el7_7.i686.rpm glib2-debuginfo-2.56.1-6.el7_7.x86_64.rpm glib2-devel-2.56.1-6.el7_7.i686.rpm glib2-devel-2.56.1-6.el7_7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.7): noarch: glib2-doc-2.56.1-6.el7_7.noarch.rpm ppc64: glib2-debuginfo-2.56.1-6.el7_7.ppc.rpm glib2-debuginfo-2.56.1-6.el7_7.ppc64.rpm glib2-fam-2.56.1-6.el7_7.ppc64.rpm glib2-static-2.56.1-6.el7_7.ppc.rpm glib2-static-2.56.1-6.el7_7.ppc64.rpm glib2-tests-2.56.1-6.el7_7.ppc64.rpm ppc64le: glib2-debuginfo-2.56.1-6.el7_7.ppc64le.rpm glib2-fam-2.56.1-6.el7_7.ppc64le.rpm glib2-static-2.56.1-6.el7_7.ppc64le.rpm glib2-tests-2.56.1-6.el7_7.ppc64le.rpm s390x: glib2-debuginfo-2.56.1-6.el7_7.s390.rpm glib2-debuginfo-2.56.1-6.el7_7.s390x.rpm glib2-fam-2.56.1-6.el7_7.s390x.rpm glib2-static-2.56.1-6.el7_7.s390.rpm glib2-static-2.56.1-6.el7_7.s390x.rpm glib2-tests-2.56.1-6.el7_7.s390x.rpm x86_64: glib2-debuginfo-2.56.1-6.el7_7.i686.rpm glib2-debuginfo-2.56.1-6.el7_7.x86_64.rpm glib2-fam-2.56.1-6.el7_7.x86_64.rpm glib2-static-2.56.1-6.el7_7.i686.rpm glib2-static-2.56.1-6.el7_7.x86_64.rpm glib2-tests-2.56.1-6.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYLYiBtzjgjWX9erEAQij2A//SOetrkuINJH1Ynug3uJzTj/eNbSqia1H Ys1upve8N1nTdfb1i41HLMn88KM5Hs9Lzb4Le3wnWOH4+ZIo/lr/SLDK8FNh3p0O izcBZHWSgbm91j0ESskQ1mICmy7/WWyQUXvRnf9vE+08syE7VWd4F0tbnnj5J0LR li4lNkToRZHVFadsLf0j3d5bpGYjnBGcgzinsBSxfTfbltORO75GtsKegJ0tTUUf a7YamRhIbdh3e29ngEH8TFS72vAvrvz17dcN0YVuOre2hIiJBGvQujfNrqrRQ5UN +Kx3HeqtrUscjhAnCups2zB+vxaGooGpy80YBuYZUFCzDpzq2U/ORcsk9vXXK7zU vEH1JOqfqLDR1f6ZCEyfR/pHUB+Mc5tpM7iVfLINdFUQPkSrKLUCQ8pFyZ8nhzD7 0MDlcVs27DueyV+7flstK9/Q/1uw5r+uigyPSNxPQciLnr3ph5/92bbk1VOGrmEQ vbJLkHmkKcU/uQBoi9D6fBq79cbB5zt49c37F8AJ5TUfXPQyrJST0624YWu/LbJH Mq7tS/TX0bAXGqWFa9i/lezTulFncUijYmb4PdIALpRrT7yLqWvUntPSy057KcuS Xt448tO9M0b2NRGNzrVM1Y3bOHrLPjdWVqmOFfD5FeOqvmSyRcivS1LEHSz3X1e4 yQ/lOQ5Qnvs=oS3p -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-03-30T20:28:14.567000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE