ID

VAR-202102-1093

CVE

CVE-2021-27219

TITLE

GNOME GLib  Vulnerability in conversion between numeric types in

DESCRIPTION

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. 8) - noarch 3. The following packages have been upgraded to a later upstream version: mingw-glib2 (2.66.7). 6 ELS) - i386, noarch, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. See the following advisories for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2287 Space precludes documenting all of the container images in this advisory. Additional Changes: This update also fixes several bugs. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1889659 - [Assisted-4.6] [cluster validation] Number of hosts validation is not enforced when Automatic role assigned 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1932638 - Removing ssh keys MC does not remove the key from authorized_keys 1934180 - vsphere-problem-detector should check if datastore is part of datastore cluster 1937396 - when kuryr quotas are unlimited, we should not sent alerts 1939014 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP 1939553 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string 1940275 - [IPI Baremetal] Revert Sending full ignition to masters 1942603 - [4.7z] Network policies in ovn-kubernetes don't support external traffic from router when the endpoint publishing strategy is HostNetwork 1944046 - Warn users when using an unsupported browser such as IE 1944575 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results 1945702 - Operator dependency not consistently chosen from default channel 1946682 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall 1947091 - Incorrect skipped status for conditional tasks in the pipeline run 1947427 - Bootstrap ignition shim doesn't follow proxy settings 1948398 - [oVirt] remove ovirt_cafile from ovirt-credentials secret 1949541 - Kuryr-Controller crashes when it's missing the status object 1950290 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation 1951210 - Pod log filename no longer in <pod-name>-<container-name>.log format 1953475 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc 1954121 - [ceo] [release-4.7] Operator goes degraded when a second internal node ip is added after install 1955210 - OCP 4.6 Build fails when filename contains an umlaut 1955418 - 4.8 -> 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator 1955482 - [4.7] Drop high-cardinality metrics from kube-state-metrics which aren't used 1955600 - e2e unidling test flakes in CI 1956565 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry 1956980 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed. 1957308 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-> Removed-> Managed in configs.imageregistry with high ratio 1957499 - OperatorHub - console accepts any value for "Infrastructure features" annotation 1958416 - openshift-oauth-apiserver apiserver pod crashloopbackoffs 1958467 - [4.7] Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct 1958873 - Device Replacemet UI, The status of the disk is "replacement ready" before I clicked on "start replacement" 1959546 - [4.7] storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions 1959737 - Unable to assign nodes for EgressIP even if the egress-assignable label is set 1960093 - Console not works well against a proxy in front of openshift clusters 1960111 - Port 8080 of oVirt CSI driver is causing collisions with other services 1960542 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960544 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console 1960562 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960589 - manifests: extra "spec.version" in console quickstarts makes CVO hotloop 1960645 - [Backport 4.7] Add virt_platform metric to the collected metrics 1960686 - GlobalConfigPage is constantly requesting resources 1961069 - CMO end-to-end tests work only on AWS 1961367 - Conformance tests for OpenStack require the Cinder client that is not included in the "tests" image 1961518 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1961557 - [release-4.7] respect the shutdown-delay-duration from OpenShiftAPIServerConfig 1961719 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop 1961887 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns 1962314 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true 1962493 - Kebab menu of taskrun contains Edit options which should not be present 1962637 - Nodes tainted after configuring additional host iface 1962819 - OCP v4.7 installation with OVN-Kubernetes fails with error "egress bandwidth restriction -1 is not equals" 1962949 - e2e-metal-ipi and related jobs fail to bootstrap due to multipe VIP's 1963141 - packageserver clusteroperator Available condition set to false on any Deployment spec change 1963243 - HAproxy pod logs showing error "another server named 'pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080' was already defined at line 326, please use distinct names" 1964322 - UI, The status of "Used Capacity Breakdown [Pods]" is "Not available" 1964568 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation 1965075 - [4.7z] After upgrade from 4.5.16 to 4.6.17, customer's application is seeing re-transmits 1965932 - [oauth-server] bump k8s.io/apiserver to 1.20.3 1966358 - Build failure on s390x 1966798 - [tests] Release 4.7 broken due to the usage of wrong OCS version 1966810 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration 1967328 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud 1967966 - prometheus-k8s pods can't be scheduled due to volume node affinity conflict 1967972 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1970322 - [OVN]EgressFirewall doesn't work well as expected 5. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 8.2) - aarch64, ppc64le, s390x, x86_64 3. 7.4) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: glib2 security update Advisory ID: RHSA-2021:2147-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2147 Issue date: 2021-05-31 CVE Names: CVE-2021-27219 ==================================================================== 1. Summary: An update for glib2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm ppc64: glib2-2.56.1-9.el7_9.ppc.rpm glib2-2.56.1-9.el7_9.ppc64.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm glib2-devel-2.56.1-9.el7_9.ppc.rpm glib2-devel-2.56.1-9.el7_9.ppc64.rpm ppc64le: glib2-2.56.1-9.el7_9.ppc64le.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm glib2-devel-2.56.1-9.el7_9.ppc64le.rpm s390x: glib2-2.56.1-9.el7_9.s390.rpm glib2-2.56.1-9.el7_9.s390x.rpm glib2-debuginfo-2.56.1-9.el7_9.s390.rpm glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm glib2-devel-2.56.1-9.el7_9.s390.rpm glib2-devel-2.56.1-9.el7_9.s390x.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm ppc64: glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm glib2-fam-2.56.1-9.el7_9.ppc64.rpm glib2-static-2.56.1-9.el7_9.ppc.rpm glib2-static-2.56.1-9.el7_9.ppc64.rpm glib2-tests-2.56.1-9.el7_9.ppc64.rpm ppc64le: glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm glib2-fam-2.56.1-9.el7_9.ppc64le.rpm glib2-static-2.56.1-9.el7_9.ppc64le.rpm glib2-tests-2.56.1-9.el7_9.ppc64le.rpm s390x: glib2-debuginfo-2.56.1-9.el7_9.s390.rpm glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm glib2-fam-2.56.1-9.el7_9.s390x.rpm glib2-static-2.56.1-9.el7_9.s390.rpm glib2-static-2.56.1-9.el7_9.s390x.rpm glib2-tests-2.56.1-9.el7_9.s390x.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYLS3ctzjgjWX9erEAQi/oBAAk7Y1nA3n84Zz7y/KwwhHGlbTLc0NXn4c nRQUpxJuScuvefAmM+Z73qxqxdM+hBQfDoodATPeTgYT7mYFnN3n+dTrv7Sg1kks aU9Q6d7HdRnk4mhOK3blYI8Ln5LYkcRcqmpyZ8sN14Cqffc+o5VEIwT6hht9/iZL UJQDhdbWT/EDXcZ7iV+1ahicKczm/XEZVkC8zAa9rcQlJ3JJ36gmMuCvmYbS4TOb 8UKNb2hpjkk9laGC5BWG8dnpzrdQnUXmd39n7rltLiIxoQeq3UWo44UCV7XZFcVT eoEt5o3no3+mlIcYto6u5lgfq83D/bI6OuRVRm3BaAp5lBNqPU6dzv2sxtWbKizR vIlmBmoWvYXbNxwkGZeQ5ZU3TTumCUOqIvT5KFIdurWPeknb9zD4Xt8JIuWNXwbV 1mv5jnAz8+v8LX2hQpUh2QPEpTi6GKDWhTE2w+Ulh4s0SCTICc8pjdyNx+PljDDx HyWwPu7veac0fewc+VHZzsTqrKFnH46+A6LIv2bySioa0oomxxWZrSg5BBx+tQXn ND/TjXaFnmrHVyDP7zD0PPBR13PlN8o++LK6oIADSrruc/1FPC7veEqFjMyHwemG nJyp479dwq4M7kpBgd9VfFTVjluCxYsA7FDwP+6q3k+ZJR6S0Dm5pXail/S1gPpw qTmrr3x9NbI=Nn9w -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1957321 - Respin the rhgs-server-container container to include latest glusterfs rpm for RHGS 3.5.5 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1987163 - respin volmanager to include latest heketi rpm 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-10-20T02:12:36.081000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE