
Security: Buffer overflow in libguestfs
Name: Buffer overflow in libguestfs
ID: RHSA-2016:2576-02
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux
Date: Thu, 3 November 2016, 11:14
References: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
https://access.redhat.com/security/cve/CVE-2015-8869
Applications: libguestfs

Original message


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libguestfs and virt-p2v security, bug fix, and
enhancement update
Advisory ID: RHSA-2016:2576-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2576.html
Issue date: 2016-11-03
CVE Names: CVE-2015-8869
=====================================================================

1. Summary:

An update for libguestfs and virt-p2v is now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The libguestfs packages contain a library, which is used for accessing and
modifying virtual machine (VM) disk images.

Virt-p2v is a tool for conversion of a physical server to a virtual guest.

The following packages have been upgraded to a newer upstream version:
libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)

Security Fix(es):

* An integer conversion flaw was found in the way OCaml's String handled
its length. Certain operations on an excessively long String could trigger
a buffer overflow or result in an information leak. (CVE-2015-8869)

Note: The libguestfs packages in this advisory were rebuilt with a fixed
version of OCaml to address this issue.
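The flaw class behind CVE-2015-8869 (bug 1332090: "sizes arguments are sign-extended from 32 to 64 bits") is a length that the caller validates at full width but that a C primitive declares as a 32-bit int. The added example below is a model written for this page, not OCaml's or libguestfs's code; the function names, the "hello world" buffer and the int-width assumption (32-bit int, 64-bit size_t) are all constructed here. It shows what size a memmove would receive once a 2 GiB count has gone through int, a check that detects such a length before it reaches an int parameter, and a blit whose bounds checks keep every size full-width.

```c
#include <assert.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the flaw: a primitive declared with `int n` keeps only the low
 * 32 bits of a 64-bit length, and that int is sign-extended into size_t. */
size_t count_seen_by_int_primitive(int64_t n) {
    int truncated = (int) n;      /* implementation-defined: low 32 bits survive */
    return (size_t) truncated;    /* a negative int becomes a value near SIZE_MAX */
}

/* Detection: a length may only be passed to an int parameter if the round
 * trip through int gives the same value (assumes a 32-bit int). */
int length_survives_int(int64_t n) {
    return n >= 0 && (int64_t) (int) n == n;
}

/* Hardened blit: sizes stay full-width and each bound is checked with a
 * subtraction that cannot overflow. Returns 0 on success, -1 if rejected. */
int bounded_blit(const unsigned char *src, size_t src_len, size_t src_ofs,
                 unsigned char *dst, size_t dst_len, size_t dst_ofs, int64_t n) {
    if (n < 0 || (uint64_t) n > SIZE_MAX) return -1;
    size_t len = (size_t) n;
    if (src_ofs > src_len || len > src_len - src_ofs) return -1;
    if (dst_ofs > dst_len || len > dst_len - dst_ofs) return -1;
    memmove(dst + dst_ofs, src + src_ofs, len);
    return 0;
}

/* Constructed scenario: copy n bytes starting at "world" out of an 11-byte
 * source into an 8-byte buffer. Returns 1 if the copy succeeds and yields
 * "world", 0 if the blit rejected the request. */
int blit_world(int64_t n) {
    const unsigned char src[] = "hello world";
    unsigned char dst[8] = {0};
    if (bounded_blit(src, sizeof src - 1, 6, dst, sizeof dst, 0, n) != 0) return 0;
    return memcmp(dst, "world", 5) == 0;
}

int main(void) {
    int64_t big = (int64_t) 1 << 31;   /* 2 GiB: first length that no longer fits int */
    printf("length %lld -> int primitive would copy %zu bytes\n",
           (long long) big, count_seen_by_int_primitive(big));
    printf("survives int: %d, bounded blit accepted: %d\n",
           length_survives_int(big), blit_world(big));
    assert(blit_world(5) == 1);        /* in bounds: "world" copied */
    assert(blit_world(6) == 0);        /* one byte past the source end */
    return 0;
}
```

Reproducing the original condition needs a string of 2 GiB or more, which is why the example only computes the count the primitive would use rather than performing that copy.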

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

855058 - RFE: virt-p2v: display more information about storage devices
1064041 - virt-sparsify fails if a btrfs filesystem contains readonly snapshots
1099976 - virt-builder gives GPG warning message with gnupg2
1156298 - Remove files in package libguestfs-bash-completion, these files are
bash completion files, some of the virt tool completion are already implement in another file, so can remove its completion file
1164708 - set-label can only set <=127 bytes for btrfs and <=126 bytes
for ntfs filesystem which not meet the help message. Also for ntfs it should give a warning message when the length >128 bytes
1166057 - btrfs filesystem will not work well if you create the filesystem with
multiple disks at the same time, such as: mkfs-btrfs "/dev/sda1 /dev/sdb1"
1167916 - P2V: invalid conversion server prints unexpected end of file waiting
for password prompt.
1173695 - RFE: allow passing in a pre-opened libvirt connection from python
1174551 - "lstatnslist" and "lstatlist" don't give an error
if the API is used wrongly
1176801 - File /etc/sysconfig/kernel isn't updated when convert XenPV guest
with regular kernel installed
1180769 - Security context on image file gets reset
1190669 - Support virt-v2v conversion of Windows > 7
1213324 - virt-v2v: warning: unknown guest operating system: windows windows
6.3 when converting win8,win8.1,win2012,win2012R2,win10 to rhev
1213701 - Fail to import win8/win2012 to rhev with error "selected display
type is not supported"
1218766 - Rebase libguestfs in RHEL 7.3
1225789 - Wrong video driver is installed for rhel5.11 guest after conversion
to libvirt
1227599 - P2V invalid password prints unexpected end of file waiting for
command prompt.
1227609 - virt-p2v: Using "Back" button causes output list to be
repopulated multiple times
1229119 - Unrelated info in fstab makes virt-v2v fail with unclear error info
1229386 - virt-p2v in non-GUI mode doesn't show any conversion progress or
status
1238053 - v2v:Duplicate disk target set when convert guest with cdrom attached
1239154 - appliance fails to start with "supermin: ext2fs_file_write:
/var/log/tallylog: Could not allocate block in ext2 filesystem"
1242853 - mount-loop failed to setup loop device: No such file or directory
1260801 - virt-builder --ssh-inject doesn't set proper permissions on
created files
1261242 - virt-v2v should prevent using '-of' option appears twice on
the command line
1261436 - No warning shows when convert a win7 guest with AVG AntiVirus
installed
1262959 - virt-builder/virt-customize set password does not work
1264835 - ppc64le: virt-customize --install fail to detect the guest arch
1267032 - guestfish copy-in command behaves oddly/unexpectedly with wildcards
1277074 - Virt-p2v client shouldn't present the vdsm option because
it's not usable
1277122 - RFE: virt-sparsify: make '--in-place' sparsification safe to
abort (gracefully or ungracefully)
1287826 - Remove virt-v2v support for ppc64le
1290755 - guestfish should be able to handle LVM thin layouts
1292437 - Backport virt-v2v pull dcpath from libvirt
<vmware:datacenterpath>
1293527 - There should be a reminder to avoid user to edit a guest image by
multiple tools at the same time in guestfish man page
1296606 - virt-v2v doesn't remove VirtualBox additions correctly because of
file quoting
1306557 - Running 'git clone' in virt-builder or virt-customize results
in an error message
1308769 - virt-v2v does not copy additional disks to Glance
1309580 - OS name of win8.1 x64 guest shows incorrect in rhevm3.6 general info
1309619 - Wrong warning info "use standard VGA" shows when converting
windows > 7 by virt-v2v
1309706 - error: internal error: Invalid floppy device name: hdb
1309796 - Filter perl provides
1311373 - Fail to install QXL driver for windows 2008r2 and win7 guest after
conversion by virt-v2v
1312254 - virt-v2v -o libvirt doesn't preserve or use correct <graphics
type="vnc|spice">
1314244 - RFE: virt-p2v log window should process colour escapes and backspaces
1315237 - Remove reference info about --dcpath in virt-v2v manual page
1316479 - v2v cmd cannot exit and "block I/O error in device
'appliance': No space left on device (28)" is printed when specified "-v -x"
1318440 - virt-sysprep will fail detecting OS if "/usr" is a distinct
partition mounted in "/" via fstab
1325825 - virt-v2v should prevent using multiple '-b' and '-n'
option appears on the command line
1326266 - virt-v2v should prevent multiple conflicting for "-oa "
1328766 - Remove --in-place option in virt-v2v help
1332025 - Inspection does not parse /etc/redhat-release containing "Derived
from Red Hat Enterprise Linux 7.1 (Source)"
1332090 - CVE-2015-8869 ocaml: sizes arguments are sign-extended from 32 to 64
bits
1340407 - Multiple network ports will not be aligned at p2v client
1340464 - [RFE] Suggestion give user a reminder for "Cancel conversion"
button
1340809 - Testing connection timeout when input regular user of conversion
server with checked "use sudo......"button
1341564 - virt-p2v spinner should be hidden when it stops spinning
1341608 - Ethtool command is not supported on p2v client
1341984 - virt-get-kernel prompts an 'invalid value' error when using
--format auto
1342337 - Should remind a warning about disk image has a partition when using
virt-p2v-make-disk
1342398 - Convert a guest from RHEL by virt-v2v but its origin info shows RHEV
at rhevm
1342447 - Ifconfig command is not supported on p2v client
1343167 - Failure when disk contains an LV with activationskip=y
1343414 - Failed SSH to conversion server by ssh identity http url at p2v
client
1343423 - [RFE]Should give a better description about 'curl error 22'
when failed using ssh identity http url at p2v client
1345809 - virt-customize --truncate-recursive should give an error message when
specifying a no-existing path
1345813 - virt-sysprep --install always failed to install the packages
specified
1348900 - virt-p2v should update error prompt when 'Test connection'
with a non-existing user in conversion server
1349237 - virt-inspector can not get windows drive letters for GPT disks
1349342 - Error info is not clear when failed ssh to conversion server using
non-root user with password on p2v client
1350363 - Improve error info "remote server timeout unexpectedly waiting
for password prompt" when connect to a bogus server at p2v client
1352761 - Virt-manager can't show OS icons of win7/win8/ubuntu guest.
1354335 - overlay of disk images does not specify the format of the backing
file
1358142 - Some info will show when convert guest to libvirt by virt-v2v with
parameter --quiet
1359652 - Fail to inspect Windows ISO file
1362354 - virt-dib failed to create image using DIB_YUM_REPO_CONF
1362357 - run_command runs exit handlers when execve fails (e.g. due to missing
executable)
1362668 - Miscellaneous fixes to tool options
1362669 - Backport improved --selinux-relabel support for virt-sysprep,
virt-builder, virt-customize
1364347 - virt-sparsify --in-place failed with UEFI system
1364419 - [virt-p2v]Failed to connect to conversion server while testing
LSI-mpt2sas hardware which using bnx2x network driver
1365005 - Guest name is incorrect if convert guest from disk image by virt-v2v
1366456 - Converting rhel7 host installed on RAID:warning: fstrim: fstrim:
/sysroot/: the discard operation is not supported
1367615 - OVMF file which is built for rhel7.3 can't be used for virt-v2v
uefi conversion
1370424 - virt-manager coredump when vm with gluster image exists

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libguestfs-1.32.7-3.el7.src.rpm

noarch:
libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
libguestfs-tools-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-1.32.7-3.el7.x86_64.rpm
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-java-1.32.7-3.el7.x86_64.rpm
libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
python-libguestfs-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
lua-guestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-dib-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libguestfs-1.32.7-3.el7.src.rpm
virt-p2v-1.32.7-2.el7.src.rpm

noarch:
libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
libguestfs-tools-1.32.7-3.el7.noarch.rpm
virt-p2v-1.32.7-2.el7.noarch.rpm

x86_64:
libguestfs-1.32.7-3.el7.x86_64.rpm
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-java-1.32.7-3.el7.x86_64.rpm
libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
python-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-v2v-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
lua-guestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-dib-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libguestfs-1.32.7-3.el7.src.rpm

noarch:
libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
libguestfs-tools-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-1.32.7-3.el7.x86_64.rpm
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-java-1.32.7-3.el7.x86_64.rpm
libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
python-libguestfs-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
lua-guestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-dib-1.32.7-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8869
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list