Important: OpenShift Virtualization 4.12.0 Images security update

Topic

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

• golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
• kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
• golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
• golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
• golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
• golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
• golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
• golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
• golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
• golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
• golang: syscall: faccessat checks wrong group (CVE-2022-29526)
• golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
• golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
• golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
• golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
• golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
• golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
• golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12

==============

bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89

Solution

Before applying this update, you must apply all previously released errata
relevant to your system.

To apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Container Native Virtualization 4.12 for RHEL 8 x86_64

Fixes

• BZ - 1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
• BZ - 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
• BZ - 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
• BZ - 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
• BZ - 2040377 - Unable to delete failed VMIM after VM deleted
• BZ - 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
• BZ - 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
• BZ - 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
• BZ - 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
• BZ - 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
• BZ - 2060499 - [RFE] Cannot add additional service (or other objects) to VM template
• BZ - 2069098 - Large scale |VMs migration is slow due to low migration parallelism
• BZ - 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
• BZ - 2071491 - Storage Throughput metrics are incorrect in Overview
• BZ - 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
• BZ - 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
• BZ - 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
• BZ - 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
• BZ - 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
• BZ - 2086551 - Min CPU feature found in labels
• BZ - 2087724 - Default template show no boot source even there are auto-upload boot sources
• BZ - 2088129 - [SSP] webhook does not comply with restricted security context
• BZ - 2088464 - [CDI] cdi-deployment does not comply with restricted security context
• BZ - 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
• BZ - 2089744 - HCO should label its control plane namespace to admit pods at privileged security level
• BZ - 2089751 - 4.12.0 containers
• BZ - 2089804 - 4.12.0 rpms
• BZ - 2091856 - ?Edit BootSource? action should have more explicit information when disabled
• BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
• BZ - 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
• BZ - 2093771 - The disk source should be PVC if the template has no auto-update boot source
• BZ - 2093996 - kubectl get vmi API should always return primary interface if exist
• BZ - 2094202 - Cloud-init username field should have hint
• BZ - 2096285 - KubeVirt CR API documentation is missing docs for many fields
• BZ - 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
• BZ - 2097436 - Online disk expansion ignores filesystem overhead change
• BZ - 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
• BZ - 2099556 - [RFE] Add option to enable RDP service for windows vm
• BZ - 2099573 - [RFE] Improve template's message about not editable
• BZ - 2099923 - [RFE] Merge "SSH access" and "SSH command" into one
• BZ - 2100290 - Error is not dismissed on catalog review page
• BZ - 2100436 - VM list filtering ignores VMs in error-states
• BZ - 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
• BZ - 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
• BZ - 2100629 - Update nested support KBASE article
• BZ - 2100679 - The number of hardware devices is not correct in vm overview tab
• BZ - 2100682 - All hardware devices get deleted while just delete one
• BZ - 2100684 - Workload profile are not editable during creation and after creation
• BZ - 2101144 - VM filter has two "Other" checkboxes which are triggered together
• BZ - 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
• BZ - 2101167 - Edit buttons clickable area is too large.
• BZ - 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
• BZ - 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
• BZ - 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
• BZ - 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
• BZ - 2101423 - wrong user name on using ignition
• BZ - 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
• BZ - 2101445 - "Pending changes - Boot Order"
• BZ - 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
• BZ - 2101499 - Cannot add NIC to VM template as non-priv user
• BZ - 2101501 - NAME parameter in VM template has no effect.
• BZ - 2101628 - non-priv user cannot load dataSource while edit template's rootdisk
• BZ - 2101667 - VMI view is not aligned with vm and tempates
• BZ - 2101681 - All templates are labeling "source available" in template list page
• BZ - 2102074 - VM Creation time on VM Overview Details card lacks string
• BZ - 2102125 - vm clone modal is displaying DV size instead of PVC size
• BZ - 2102132 - align the utilization card of single VM overview with the design
• BZ - 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
• BZ - 2102256 - Add button moved to right
• BZ - 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
• BZ - 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
• BZ - 2102561 - sysprep-info should link to downstream doc
• BZ - 2102737 - Clone a VM should lead to vm overview tab
• BZ - 2102740 - "Save" button on vm clone modal should be "Clone"
• BZ - 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
• BZ - 2103807 - PVC is not named by VM name while creating vm quickly
• BZ - 2103817 - Workload profile values in vm details should align with template's value
• BZ - 2103844 - VM nic model is empty
• BZ - 2104331 - VM list page scroll up automatically
• BZ - 2104402 - VM create button is not enabled while adding multiple environment disks
• BZ - 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
• BZ - 2104424 - Enable descheduler or hide it on template's scheduling tab
• BZ - 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
• BZ - 2104480 - Alerts in VM overview tab disappeared after a few seconds
• BZ - 2104785 - "Add disk" and "Disks" are on the same line
• BZ - 2104859 - [RFE] Add "Copy SSH command" to VM action list
• BZ - 2105257 - Can't set log verbosity level for virt-operator pod
• BZ - 2106175 - All pages are crashed after visit Virtualization -> Overview
• BZ - 2106963 - Cannot add configmap for windows VM
• BZ - 2107279 - VM Template's bootable disk can be marked as bootable
• BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
• BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
• BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
• BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
• BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
• BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
• BZ - 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
• BZ - 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
• BZ - 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
• BZ - 2108339 - datasource does not provide timestamp when updated
• BZ - 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
• BZ - 2109818 - Upstream metrics documentation is not detailed enough
• BZ - 2109975 - DataVolume fails to import "cirros-container-disk-demo" image
• BZ - 2110256 - Storage -> PVC -> upload data, does not support source reference
• BZ - 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
• BZ - 2111240 - GiB changes to B in Template's Edit boot source reference modal
• BZ - 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
• BZ - 2111328 - kubevirt plugin console crashed after visit vmi page
• BZ - 2111378 - VM SSH command generated by UI points at api VIP
• BZ - 2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`
• BZ - 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
• BZ - 2112900 - button style are different
• BZ - 2114516 - Nothing happens after clicking on Fedora cloud image list link
• BZ - 2114636 - The style of displayed items are not unified on VM tabs
• BZ - 2114683 - VM overview tab is crashed just after the vm is created
• BZ - 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
• BZ - 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
• BZ - 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
• BZ - 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
• BZ - 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
• BZ - 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
• BZ - 2117549 - Cannot edit cloud-init data after add ssh key
• BZ - 2117803 - Cannot edit ssh even vm is stopped
• BZ - 2117813 - Improve descriptive text of VM details while VM is off
• BZ - 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
• BZ - 2118257 - outdated doc link tolerations modal
• BZ - 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
• BZ - 2119069 - Unable to start windows VMs on PSI setups
• BZ - 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
• BZ - 2119309 - readinessProbe in VM stays on failed
• BZ - 2119615 - Change the disk size causes the unit changed
• BZ - 2120907 - Cannot filter disks by label
• BZ - 2121320 - Negative values in migration metrics
• BZ - 2122236 - Failing to delete HCO with SSP sticking around
• BZ - 2122990 - VMExport should check APIGroup
• BZ - 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
• BZ - 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
• BZ - 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
• BZ - 2124555 - View documentation link on MigrationPolicies page des not work
• BZ - 2124557 - MigrationPolicy description is not displayed on Details page
• BZ - 2124558 - Non-privileged user can start MigrationPolicy creation
• BZ - 2124565 - Deleted DataSource reappears in list
• BZ - 2124572 - First annotation can not be added to DataSource
• BZ - 2124582 - Filtering VMs by OS does not work
• BZ - 2124594 - Docker URL validation is inconsistent over application
• BZ - 2124597 - Wrong case in Create DataSource menu
• BZ - 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
• BZ - 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
• BZ - 2127787 - Expose the PVC source of the dataSource on UI
• BZ - 2127843 - UI crashed by selecting "Live migration network"
• BZ - 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
• BZ - 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
• BZ - 2128002 - Error after VM template deletion
• BZ - 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
• BZ - 2128872 - [4.11]Can't restore cloned VM
• BZ - 2128948 - Cannot create DataSource from default YAML
• BZ - 2128949 - Cannot create MigrationPolicy from example YAML
• BZ - 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
• BZ - 2129013 - Mark Windows 11 as TechPreview
• BZ - 2129234 - Service is not deleted along with the VM when the VM is created from a template with service
• BZ - 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
• BZ - 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
• BZ - 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
• BZ - 2130588 - crypto-policy : Common Ciphers support by apiserver and hco
• BZ - 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
• BZ - 2130909 - Non-privileged user can start DataSource creation
• BZ - 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
• BZ - 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
• BZ - 2131674 - Bump virtlogd memory requirement to 20Mi
• BZ - 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
• BZ - 2132682 - Default YAML entity name convention.
• BZ - 2132721 - Delete dialogs
• BZ - 2132744 - Description text is missing in Live Migrations section
• BZ - 2132746 - Background is broken in Virtualization Monitoring page
• BZ - 2132783 - VM can not be created from Template with edited boot source
• BZ - 2132793 - Edited Template BSR is not saved
• BZ - 2132932 - Typo in PVC size units menu
• BZ - 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
• BZ - 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
• BZ - 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
• BZ - 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
• BZ - 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
• BZ - 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
• BZ - 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
• BZ - 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
• BZ - 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
• BZ - 2134672 - [e2e] add data-test-id for catalog -> storage section
• BZ - 2134825 - Authorization for expand-spec endpoint missing
• BZ - 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
• BZ - 2136051 - Name jumping when trying to create a VM with source from catalog
• BZ - 2136425 - Windows 11 is detected as Windows 10
• BZ - 2136534 - Not possible to specify a TTL on VMExports
• BZ - 2137123 - VMExport: export pod is not PSA complaint
• BZ - 2137241 - Checkbox about delete vm disks is not loaded while deleting VM
• BZ - 2137243 - registery input add docker prefix twice
• BZ - 2137349 - "Manage source" action infinitely loading on DataImportCron details page
• BZ - 2137591 - Inconsistent dialog headings/titles
• BZ - 2137731 - Link of VM status in overview is not working
• BZ - 2137733 - No link for VMs in error status in "VirtualMachine statuses" card
• BZ - 2137736 - The column name "MigrationPolicy name" can just be "Name"
• BZ - 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
• BZ - 2138112 - Unsupported S3 endpoint option in Add disk modal
• BZ - 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
• BZ - 2138199 - Win11 and Win22 templates are not filtered properly by Template provider
• BZ - 2138653 - Saving Template prameters reloads the page
• BZ - 2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail
• BZ - 2138664 - VM that was created with SSH key fails to start
• BZ - 2139257 - Cannot add disk via "Using an existing PVC"
• BZ - 2139260 - Clone button is disabled while VM is running
• BZ - 2139293 - Non-admin user cannot load VM list page
• BZ - 2139296 - Non-admin cannot load MigrationPolicies page
• BZ - 2139299 - No auto-generated VM name while creating VM by non-admin user
• BZ - 2139306 - Non-admin cannot create VM via customize mode
• BZ - 2139479 - virtualization overview crashes for non-priv user
• BZ - 2139574 - VM name gets "emptyname" if click the create button quickly
• BZ - 2139651 - non-priv user can click create when have no permissions
• BZ - 2139687 - catalog shows template list for non-priv users
• BZ - 2139738 - [4.12]Can't restore cloned VM
• BZ - 2139820 - non-priv user cant reach vm details
• BZ - 2140117 - Provide upgrade path from 4.11.1->4.12.0
• BZ - 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
• BZ - 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
• BZ - 2140627 - Not able to select storageClass if there is no default storageclass defined
• BZ - 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
• BZ - 2140808 - Hyperv feature set to "enabled: false" prevents scheduling
• BZ - 2140977 - Alerts number is not correct on Virtualization overview
• BZ - 2140982 - The base template of cloned template is "Not available"
• BZ - 2140998 - Incorrect information shows in overview page per namespace
• BZ - 2141089 - Unable to upload boot images.
• BZ - 2141302 - Unhealthy states alerts and state metrics are missing
• BZ - 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
• BZ - 2141494 - "Start in pause mode" option is not available while creating the VM
• BZ - 2141654 - warning log appearing on VMs: found no SR-IOV networks
• BZ - 2141711 - Node column selector is redundant for non-priv user
• BZ - 2142468 - VM action "Stop" should not be disabled when VM in pause state
• BZ - 2142470 - Delete a VM or template from all projects leads to 404 error
• BZ - 2142511 - Enhance alerts card in overview
• BZ - 2142647 - Error after MigrationPolicy deletion
• BZ - 2142891 - VM latency checkup: Failed to create the checkup's Job
• BZ - 2142929 - Permission denied when try get instancestypes
• BZ - 2143268 - Topolvm storageProfile missing accessModes and volumeMode
• BZ - 2143498 - Could not load template while creating VM from catalog
• BZ - 2143964 - Could not load template while creating VM from catalog
• BZ - 2144580 - "?" icon is too big in VM Template Disk tab
• BZ - 2144828 - "?" icon is too big in VM Template Disk tab
• BZ - 2144839 - Alerts number is not correct on Virtualization overview
• BZ - 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
• BZ - 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

CVEs

• CVE-2015-20107
• CVE-2016-3709
• CVE-2020-0256
• CVE-2020-35525
• CVE-2020-35527
• CVE-2021-0308
• CVE-2021-38561
• CVE-2021-44716
• CVE-2021-44717
• CVE-2022-0391
• CVE-2022-0934
• CVE-2022-1292
• CVE-2022-1304
• CVE-2022-1586
• CVE-2022-1705
• CVE-2022-1785
• CVE-2022-1798
• CVE-2022-1897
• CVE-2022-1927
• CVE-2022-1962
• CVE-2022-2068
• CVE-2022-2097
• CVE-2022-2509
• CVE-2022-3515
• CVE-2022-3787
• CVE-2022-22624
• CVE-2022-22628
• CVE-2022-22629
• CVE-2022-22662
• CVE-2022-23772
• CVE-2022-23773
• CVE-2022-23806
• CVE-2022-24795
• CVE-2022-25308
• CVE-2022-25309
• CVE-2022-25310
• CVE-2022-26700
• CVE-2022-26709
• CVE-2022-26710
• CVE-2022-26716
• CVE-2022-26717
• CVE-2022-26719
• CVE-2022-27404
• CVE-2022-27405
• CVE-2022-27406
• CVE-2022-28131
• CVE-2022-29526
• CVE-2022-30293
• CVE-2022-30629
• CVE-2022-30630
• CVE-2022-30631
• CVE-2022-30632
• CVE-2022-30633
• CVE-2022-30635
• CVE-2022-30698
• CVE-2022-30699
• CVE-2022-32148
• CVE-2022-32206
• CVE-2022-32208
• CVE-2022-34903
• CVE-2022-37434
• CVE-2022-40674
• CVE-2022-42898

References

• https://access.redhat.com/security/updates/classification/#important