Description of problem:
Customer had a recent security scan that reported openvswitch2.11 as having an open vulnerability, because the package installed is openvswitch2.11-2.11.0-9.el7fdp and it should be openvswitch2.11-2.11.0-35.el7fdp.

ACAS report:
Plugin: 133127
Plugin Name: RHEL 7 : openvswitch2.11 (RHSA-2020:0166)
Plugin Output:
  Remote package installed : openvswitch2.11-2.11.0-9.el7fdp
  Should be : openvswitch2.11-2.11.0-35.el7fdp
  Remote package installed : python-openvswitch2.11-2.11.0-9.el7fdp
  Should be : python-openvswitch2.11-2.11.0-35.el7fdp

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

Description: An update for openvswitch2.11 is now available for Fast Datapath for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):
* dpdk: possible memory leak leads to denial of service (CVE-2019-14818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* [openvswitch] No traffic over GRE IPv6 tunnel - OVS issue (userspace) (BZ# 1725623)
* [RHEL 7] [ovsdb-server] Allow replicating from older schema servers (BZ# 1766586)
* measure the time needed by ovn-controller to resync to a new SB db (BZ# 1776883)
* [ovs2.11] SSL connections drops are constantly logged in ovsdb-server-nb.log (BZ#1780745)

Will this package openvswitch2.11-2.11.0-35.el7fdp be available in 4.3.8? And is there a method to work around the issue at the current 4.3.7, or do they have to wait for the upgrade?
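The scanner output quoted in the report compares installed package versions against the advisory's fixed versions by string, and its own NOTE warns that this ignores channels and products. The following is an added example, not part of this bug report or of any Red Hat tooling: it re-implements the rpm version/release comparison (a simplified rpmvercmp, without tilde or caret handling) and applies it to the "Remote package installed / Should be" pairs from the plugin output, so an administrator can reproduce the scanner's version-only verdict locally before checking the channel the host is actually subscribed to. The scanner text is constructed from the lines above; the function names are my own.

```python
import re
from itertools import zip_longest

# Constructed sample: the two installed/required pairs quoted in the ACAS plugin output above.
SCANNER_OUTPUT = """\
Remote package installed : openvswitch2.11-2.11.0-9.el7fdp
Should be : openvswitch2.11-2.11.0-35.el7fdp
Remote package installed : python-openvswitch2.11-2.11.0-9.el7fdp
Should be : python-openvswitch2.11-2.11.0-35.el7fdp
"""


def split_nvr(nvr):
    """Split 'name-version-release' into (name, version, release).
    The name may itself contain dashes (python-openvswitch2.11), so split from the right."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def _segments(s):
    # rpm tokenizes a version string into runs of digits and runs of letters;
    # every other character (dots, underscores) is only a separator.
    return re.findall(r"\d+|[a-zA-Z]+", s)


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm's rpmvercmp does
    (simplified: no '~' or '^' handling). Returns -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:          # a ran out of segments first: b is newer
            return -1
        if y is None:          # b ran out first: a is newer
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            # numeric segments compare as integers, so 35 > 9 even though "3" < "9"
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            # a numeric segment sorts as newer than an alphabetic one at the same position
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    return 0


def is_older(installed, required):
    """True if 'installed' is older than 'required' (both NVR strings, same package name)."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(required)
    if n1 != n2:
        raise ValueError(f"package names differ: {n1} vs {n2}")
    c = rpmvercmp(v1, v2)
    if c == 0:
        c = rpmvercmp(r1, r2)
    return c < 0


def find_outdated(scan_text):
    """Pair each 'Remote package installed' line with the 'Should be' line that follows it
    and return only the pairs where the installed package really is older."""
    pairs = re.findall(r"Remote package installed : (\S+)\s+Should be : (\S+)", scan_text)
    return [(inst, req) for inst, req in pairs if is_older(inst, req)]


if __name__ == "__main__":
    for inst, req in find_outdated(SCANNER_OUTPUT):
        print(f"OUTDATED: {inst} (advisory requires {req})")
```

Note that a version-only comparison like this one says nothing about which channel delivered the package; the rest of this thread shows the fix was to ship the correct build through the RHV channel, which is the part of the determination the scanner's NOTE admits it cannot see.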
rhv-4.3.8 should contain ovn2.11-2.11.1-24.el7fdp.x86_64
Hi Dominik,
1. QE does not touch production channels; we measure quality on candidate releases, thus only RCM can get you this info.
2. A long time ago we found out this is not sufficient, as we need to check RCM, thus Pavol Brilla, you're looking for Pavol.
For verification we should ensure that FDP 20.B is included in RHVH, hosted engine appliance, bare metal engine and RHEL host.
Finally, the correct versions have been shipped with the 4.3.7-9 tag build; RHEL engine and bare-metal hosts are shipped correctly now.

Verified on and with:
rhvm-4.3.9.3-0.1.el7.noarch
ovn2.11-2.11.1-33.el7fdp.x86_64
ovn2.11-central-2.11.1-33.el7fdp.x86_64
python-openvswitch2.11-2.11.0-48.el7fdp.x86_64
openvswitch2.11-2.11.0-48.el7fdp.x86_64
ovirt-provider-ovn-driver-1.2.29-1.el7ev.noarch
ovn2.11-host-2.11.1-33.el7fdp.x86_64
ovn2.11-2.11.1-33.el7fdp.x86_64
openvswitch2.11-2.11.0-48.el7fdp.x86_64
vdsm-4.30.43-1.el7ev.x86_64
Correction to the RHV engine version build: verified with rhvm-4.3.9.4-11.el7.noarch.
Anton - has this been shipped or not? Can this bug be closed errata?
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days