RHSA-2022:7959: Red Hat Security Advisory: guestfs-tools security, bug fix, and enhancement update

An update for guestfs-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
Red Hat Security Data

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:7959 - Security Advisory

Synopsis

Low: guestfs-tools security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Topic

An update for guestfs-tools is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more.

Security Fix(es):

  • libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2059286 - RFE: Rebase guestfs-tools to 1.48 in RHEL 9.1
  • BZ - 2072493 - [RFE] Request to add lvm system.devices cleanup operation to virt-sysprep
  • BZ - 2075718 - Having to use "--selinux-relabel" is not intuitive given Red Hat products default to selinux enabled.
  • BZ - 2089748 - Removal of "--selinux-relabel" option breaks existing scripts
  • BZ - 2100862 - CVE-2022-2211 libguestfs: Buffer overflow in get_keys leads to DoS
  • BZ - 2106286 - virt-sysprep: make an effort to support LUKS on LV

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

guestfs-tools-1.48.2-5.el9.src.rpm

x86_64

guestfs-tools-1.48.2-5.el9.x86_64.rpm

guestfs-tools-debuginfo-1.48.2-5.el9.x86_64.rpm

guestfs-tools-debugsource-1.48.2-5.el9.x86_64.rpm

virt-win-reg-1.48.2-5.el9.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

guestfs-tools-1.48.2-5.el9.src.rpm

s390x

guestfs-tools-1.48.2-5.el9.s390x.rpm

guestfs-tools-debuginfo-1.48.2-5.el9.s390x.rpm

guestfs-tools-debugsource-1.48.2-5.el9.s390x.rpm

virt-win-reg-1.48.2-5.el9.noarch.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

guestfs-tools-1.48.2-5.el9.src.rpm

aarch64

guestfs-tools-1.48.2-5.el9.aarch64.rpm

guestfs-tools-debuginfo-1.48.2-5.el9.aarch64.rpm

guestfs-tools-debugsource-1.48.2-5.el9.aarch64.rpm

virt-win-reg-1.48.2-5.el9.noarch.rpm

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-7959-01

Red Hat Security Advisory 2022-7959-01 - guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Issues addressed include buffer overflow and denial of service vulnerabilities.

RHSA-2022:7958: Red Hat Security Advisory: libguestfs security, bug fix, and enhancement update

An update for libguestfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS

RHSA-2022:7968: Red Hat Security Advisory: virt-v2v security, bug fix, and enhancement update

An update for virt-v2v is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS

RHSA-2022:7472: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3507: QEMU: fdc: heap buffer overflow in DMA read data transfers
  • CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
  • CVE-2022-23645: swtpm: Unchecked header size indicator against expected size

CVE-2022-2211: Red Hat Customer Portal - Access to 24x7 support and knowledge

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or by a malicious actor.