SCIENTIFIC-LINUX-USERS Archives

December 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Moderate: libguestfs and virt-p2v on SL7.x x86_64
From:
Stephan Wiesand <[log in to unmask]>
Reply To:
Stephan Wiesand <[log in to unmask]>
Date:
Fri, 16 Dec 2016 16:29:19 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (92 lines) 
Got them. This fixed the issue.

Thanks!

- Stephan

On Dec 16, 2016, at 15:53 , Pat Riehecky wrote:

> It looks like our package parser dropped virt-p2v and virt-v2v from the list.
> 
> I'll get them out the door in the next 5 minutes.
> 
> Pat
> 
> On 12/16/2016 03:48 AM, Stephan Wiesand wrote:
>>> On 14 Dec 2016, at 19:07, Scott Reid <[log in to unmask]> wrote:
>>> 
>>> Synopsis:          Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update
>>> Advisory ID:       SLSA-2016:2576-2
>>> Issue Date:        2016-11-03
>>> CVE Numbers:       CVE-2015-8869
>>> --
>>> 
>>> Virt-p2v is a tool for conversion of a physical server to a virtual guest.
>>> 
>>> The following packages have been upgraded to a newer upstream version:
>>> libguestfs (1.32.7), virt-p2v (1.32.7).
>> 
>> Hmm, looks like virt-p2v is not actually in the package list?
>> 
>> In addition, I get this when trying to update a system which has virt-*v*2v installed:
>> 
>> Error: Package: 1:virt-v2v-1.28.1-1.55.el7.x86_64 (@7.2server)
>>           Requires: libguestfs = 1:1.28.1-1.55.el7
>>           Removing: 1:libguestfs-1.28.1-1.55.el7.x86_64 (@7.2server)
>>               libguestfs = 1:1.28.1-1.55.el7
>>           Updated By: 1:libguestfs-1.32.7-3.el7.x86_64 (7.2errata_C)
>>               libguestfs = 1:1.32.7-3.el7
>> 
>> - Stephan
>> 
>>> Security Fix(es):
>>> 
>>> * An integer conversion flaw was found in the way OCaml's String handled
>>> its length. Certain operations on an excessively long String could trigger
>>> a buffer overflow or result in an information leak. (CVE-2015-8869)
>>> 
>>> Note: The libguestfs packages in this advisory were rebuilt with a fixed
>>> version of OCaml to address this issue.
>>> 
>>> Additional Changes:
>>> --
>>> 
>>> SL7
>>>  x86_64
>>>    libguestfs-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-java-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
>>>    perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
>>>    python-libguestfs-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-devel-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
>>>    libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
>>>    lua-guestfs-1.32.7-3.el7.x86_64.rpm
>>>    ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
>>>    ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
>>>    ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
>>>    virt-dib-1.32.7-3.el7.x86_64.rpm
>>>  noarch
>>>    libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
>>>    libguestfs-tools-1.32.7-3.el7.noarch.rpm
>>>    libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
>>>    libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
>>>    libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
>>>    libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
>>>    libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm
>>> 
>>> - Scientific Linux Development Team
> 

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany

ATOM RSS1 RSS2