ID

VAR-202102-1093

CVE

CVE-2021-27219

TITLE

Red Hat Security Advisory 2021-3119-01

DESCRIPTION

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. 8) - noarch 3. The following packages have been upgraded to a later upstream version: mingw-glib2 (2.66.7). Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. 6 ELS) - i386, noarch, s390x, x86_64 3. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. Description: Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: glib2 security update Advisory ID: RHSA-2021:2171-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2171 Issue date: 2021-06-01 CVE Names: CVE-2021-27219 ==================================================================== 1. Summary: An update for glib2 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: glib2-2.56.4-8.el8_2.1.src.rpm aarch64: glib2-2.56.4-8.el8_2.1.aarch64.rpm glib2-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-debugsource-2.56.4-8.el8_2.1.aarch64.rpm glib2-devel-2.56.4-8.el8_2.1.aarch64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-fam-2.56.4-8.el8_2.1.aarch64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-tests-2.56.4-8.el8_2.1.aarch64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm ppc64le: glib2-2.56.4-8.el8_2.1.ppc64le.rpm glib2-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-debugsource-2.56.4-8.el8_2.1.ppc64le.rpm glib2-devel-2.56.4-8.el8_2.1.ppc64le.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-fam-2.56.4-8.el8_2.1.ppc64le.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-tests-2.56.4-8.el8_2.1.ppc64le.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm s390x: glib2-2.56.4-8.el8_2.1.s390x.rpm glib2-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-debugsource-2.56.4-8.el8_2.1.s390x.rpm glib2-devel-2.56.4-8.el8_2.1.s390x.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-fam-2.56.4-8.el8_2.1.s390x.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-tests-2.56.4-8.el8_2.1.s390x.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.s390x.rpm x86_64: glib2-2.56.4-8.el8_2.1.i686.rpm glib2-2.56.4-8.el8_2.1.x86_64.rpm glib2-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-debugsource-2.56.4-8.el8_2.1.i686.rpm glib2-debugsource-2.56.4-8.el8_2.1.x86_64.rpm glib2-devel-2.56.4-8.el8_2.1.i686.rpm glib2-devel-2.56.4-8.el8_2.1.x86_64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-fam-2.56.4-8.el8_2.1.x86_64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-tests-2.56.4-8.el8_2.1.x86_64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: glib2-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-debugsource-2.56.4-8.el8_2.1.aarch64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-static-2.56.4-8.el8_2.1.aarch64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm noarch: glib2-doc-2.56.4-8.el8_2.1.noarch.rpm ppc64le: glib2-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-debugsource-2.56.4-8.el8_2.1.ppc64le.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-static-2.56.4-8.el8_2.1.ppc64le.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm s390x: glib2-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-debugsource-2.56.4-8.el8_2.1.s390x.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-static-2.56.4-8.el8_2.1.s390x.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.s390x.rpm x86_64: glib2-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-debugsource-2.56.4-8.el8_2.1.i686.rpm glib2-debugsource-2.56.4-8.el8_2.1.x86_64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-static-2.56.4-8.el8_2.1.i686.rpm glib2-static-2.56.4-8.el8_2.1.x86_64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYLYSUtzjgjWX9erEAQigAA/9EhfhmrkuseIrzspPL0ME+D+MCaLLpDcm ro5B0q7wek8/SN8molY9yFH8PEpVKIk0Lz7/y+LorYDit4HGubeNa1HVzoquhb+E 3ftxdeidiUkfAEv108GmUpiHXj6maqYG95xG8lAyUu8ZgVKwCTOdi2Ea66q7DeNo BvXt4c11diL7+4uONgcghj4h54JdA5tyatX8Y76mhCuhfpn4r6L2LsPjTZfNAwPy yXLjgp0DtT737+gB83dp+93gyw/AnoIw2P/IApUtVt7foBomt213Op3Fh+kpH5S9 dQBZwY+oYD4LdGZgXJMkRltoV/5spix8FUHiKvmW40PwCH4HDjnFyvYZFEfXscDq xDue+kJB+hJSv9MWOp3fG3h1kcXbAJRsT3dxBiShUeHKzpCXLyQUm/DPSCHKvrtI k8LSAxn+ZxXBN4nMYBQRcq2hdTnEzIAeWhwPRtq8RPhPZ1FsNKkNBJgjoFHrypt3 /3s24PpPgdYhZ9kAy/KICiNShU0DCjzWXdz+2zCQU8/vBxKC1zddDDUkPrDZNOTh mhX8xLNCNhewHsyjmgcqgFzJIdwlUU6Ih6rOrcZ4Nwus/zjrQJ8mOndbYQHkYUZ8 m8Gecdlf+wjXuBgWOCEU04MeXGEZIzoqAq6/iJnxFEtGqeaU2TxpNXO0/3jcCklP XJsVbifgTdw=xS3v -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7.2) - noarch, x86_64 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. ========================================================================== Ubuntu Security Notice USN-4759-1 March 08, 2021 glib2.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GLib. Software Description: - glib2.0: GLib library of C routines Details: Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218) Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libglib2.0-0 2.66.1-2ubuntu0.1 Ubuntu 20.04 LTS: libglib2.0-0 2.64.6-1~ubuntu20.04.2 Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.7 Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.7 After a standard system update you need to restart your session to make all the necessary changes. Description: The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

overflow

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-02-07T22:50:46.241000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE