RHSA-2022:7968: Red Hat Security Advisory: virt-v2v security, bug fix, and enhancement update
An update for virt-v2v is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
Issued:
2022-11-15
Updated:
2022-11-15
Synopsis
Low: virt-v2v security, bug fix, and enhancement update
Type/Severity
Security Advisory: Low
Topic
An update for virt-v2v is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible.
Security Fix(es):
- libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
Fixes
- BZ - 1684075 - Virt-v2v can’t convert a guest from VMware via nbdkit-vddk if original guest disk address is irregular
- BZ - 1774386 - input_vmx: cleanly reject guests with snapshots when using "-it ssh"
- BZ - 1788823 - Virt-v2v firstboot scripts should run in order, with v2v network configuration happening first
- BZ - 1817050 - Can’t convert guest from VMware with non-admin account and vddk >=7.0 by virt-v2v
- BZ - 1848862 - There is nbdkit curl error info if convert a guest from VMware without vddk by administrator account
- BZ - 1854275 - document that vmx+ssh "-ip" auth doesn’t cover ssh / scp shell commands
- BZ - 1868048 - [RFE]virt-v2v should install qemu-ga on debian guest during the conversion
- BZ - 1883802 - -i vmx: SATA disks are not parsed
- BZ - 1985830 - Start or remove VM failure even v2v has already finished
- BZ - 2003503 - There is virt-v2v warning: fstrim on guest filesystem /dev/mapper/osprober-linux-sdb1 failed if non-os disk of source guest has few/no inodes lef
- BZ - 2028764 - Install the qemu-guest-agent package during the conversion process
- BZ - 2039597 - Failed to import VM when selecting OVA as a source on RHV webadmin
- BZ - 2047660 - Add ‘--compressed’ support in modular v2v
- BZ - 2051564 - [RFE]Limiting the maximum number of disks per guest for v2v conversions
- BZ - 2059287 - RFE: Rebase virt-v2v to 2.0 in RHEL 9.1
- BZ - 2062360 - RFE: Virt-v2v should replace hairy “enable LEGACY crypto” advice with a more targeted mechanism
- BZ - 2064178 - nothing provides openssh-clients >= 8.8p1 needed by virt-v2v-1:2.0.0-1.el9.x86_64
- BZ - 2066773 - The /tmp/v2v.XXXX directory has incorrect permission if run v2v by root
- BZ - 2069768 - Import of OVA fails if the user/group name contains spaces
- BZ - 2070186 - fix virtio-vsock check (for Linux guests) in virt-v2v
- BZ - 2070530 - Virt-v2v can’t convert guest when os is installed on nvme disk via vmx+ssh
- BZ - 2074026 - Remove -o json option
- BZ - 2074801 - do not pass “--non-bootable --read-write” to "volume create " in openstack output module
- BZ - 2074805 - -o qemu mode fails with: qemu-system-x86_64: -balloon: invalid option and other problems
- BZ - 2076013 - RHEL9.1 guest can’t boot into OS after v2v conversion
- BZ - 2082603 - virt-v2v -o qemu prints cosmetic warning: “warning: short-form boolean option ‘readonly’ deprecated”
- BZ - 2094779 - missing python dependency in rhel9.1
- BZ - 2100862 - CVE-2022-2211 libguestfs: Buffer overflow in get_keys leads to DoS
- BZ - 2101665 - “/dev/nvme0n1” is not remapped to “/dev/vda” (etc) in boot config files such as “/boot/grub2/device.map”
- BZ - 2107503 - RHEL 8.6 VM with “qemu64” CPU model can’t start because “the CPU is incompatible with host CPU: Host CPU does not provide required features: svm”
- BZ - 2112801 - RHEL9 guest hangs during boot after conversion by virt-p2v
- BZ - 2116811 - virt-v2v: error: internal error: assertion failed at linux_kernels.ml, line 190, char 11
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
virt-v2v-2.0.7-6.el9.src.rpm
SHA-256: e6984595278d2d9e8a0547418ef0e01083d9e46aa0b74cfb1ca2d09895aa9ee3
x86_64
virt-v2v-2.0.7-6.el9.x86_64.rpm
SHA-256: 6689b66cc419a746a1a2ec76e263dcd2d8278d12507038c1a94ca17311814f4e
virt-v2v-bash-completion-2.0.7-6.el9.noarch.rpm
SHA-256: f9a9076aa6e76bfbd96b7b08ab0a6e155b5155b61900867fd92ddddee12676ac
virt-v2v-debuginfo-2.0.7-6.el9.x86_64.rpm
SHA-256: 51c2956b0c1c2f192e92667cafaea9850153371b96f625870a81682c442e4d8b
virt-v2v-debugsource-2.0.7-6.el9.x86_64.rpm
SHA-256: 63cecca486b7d280fb11e4d8795e98df4491d9587d1c9472e6d9f1725a710951
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
virt-v2v-man-pages-ja-2.0.7-6.el9.noarch.rpm
SHA-256: 3b4734fe2d66dfc6907af995a3b1ed1b4c5ce83ce690cf02255e8eae7ceac329
virt-v2v-man-pages-uk-2.0.7-6.el9.noarch.rpm
SHA-256: 8cd9076fc853e79a65b0bbf213dbaa24f0b07357c7ce4bb63f2ec98be4030ab9
Red Hat security contact details are available at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-7959-01 - guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Issues addressed include buffer overflow and denial of service vulnerabilities.
An update for libguestfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
An update for guestfs-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3507: QEMU: fdc: heap buffer overflow in DMA read data transfers
- CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
- CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
- CVE-2022-23645: swtpm: Unchecked header size indicator against expected size
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, whether triggered by mistake or by a malicious actor.