Synopsis: Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update Advisory ID: SLSA-2016:2576-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2015-8869 -- Virt-p2v is a tool for conversion of a physical server to a virtual guest. The following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). Security Fix(es): * An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869) Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue. Additional Changes: -- SL7 x86_64 libguestfs-1.32.7-3.el7.x86_64.rpm libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm libguestfs-java-1.32.7-3.el7.x86_64.rpm libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm libguestfs-xfs-1.32.7-3.el7.x86_64.rpm perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm python-libguestfs-1.32.7-3.el7.x86_64.rpm libguestfs-devel-1.32.7-3.el7.x86_64.rpm libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm libguestfs-gobject-1.32.7-3.el7.x86_64.rpm libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm libguestfs-rescue-1.32.7-3.el7.x86_64.rpm libguestfs-rsync-1.32.7-3.el7.x86_64.rpm lua-guestfs-1.32.7-3.el7.x86_64.rpm ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm ruby-libguestfs-1.32.7-3.el7.x86_64.rpm virt-dib-1.32.7-3.el7.x86_64.rpm noarch libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm libguestfs-tools-1.32.7-3.el7.noarch.rpm libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm libguestfs-javadoc-1.32.7-3.el7.noarch.rpm libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm - Scientific Linux Development Team