RHSA-2022:7968: Red Hat Security Advisory: virt-v2v security, bug fix, and enhancement update

An update for virt-v2v is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS

Issued:

2022-11-15

Updated:

2022-11-15

RHSA-2022:7968 - Security Advisory


Synopsis

Low: virt-v2v security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low


Topic

An update for virt-v2v is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible.

Security Fix(es):

  • libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64

Fixes

  • BZ - 1684075 - Virt-v2v can’t convert a guest from VMware via nbdkit-vddk if original guest disk address is irregular
  • BZ - 1774386 - input_vmx: cleanly reject guests with snapshots when using "-it ssh"
  • BZ - 1788823 - Virt-v2v firstboot scripts should run in order, with v2v network configuration happening first
  • BZ - 1817050 - Can’t convert guest from VMware with non-admin account and vddk >=7.0 by virt-v2v
  • BZ - 1848862 - There is nbdkit curl error info if convert a guest from VMware without vddk by administrator account
  • BZ - 1854275 - document that vmx+ssh "-ip" auth doesn’t cover ssh / scp shell commands
  • BZ - 1868048 - [RFE]virt-v2v should install qemu-ga on debian guest during the conversion
  • BZ - 1883802 - -i vmx: SATA disks are not parsed
  • BZ - 1985830 - Start or remove VM failure even v2v has already finished
  • BZ - 2003503 - There is a virt-v2v warning: fstrim on guest filesystem /dev/mapper/osprober-linux-sdb1 failed if the non-OS disk of the source guest has few/no inodes left
  • BZ - 2028764 - Install the qemu-guest-agent package during the conversion process
  • BZ - 2039597 - Failed to import VM when selecting OVA as a source on RHV webadmin
  • BZ - 2047660 - Add "--compressed" support in modular v2v
  • BZ - 2051564 - [RFE]Limiting the maximum number of disks per guest for v2v conversions
  • BZ - 2059287 - RFE: Rebase virt-v2v to 2.0 in RHEL 9.1
  • BZ - 2062360 - RFE: Virt-v2v should replace hairy “enable LEGACY crypto” advice with a more targeted mechanism
  • BZ - 2064178 - nothing provides openssh-clients >= 8.8p1 needed by virt-v2v-1:2.0.0-1.el9.x86_64
  • BZ - 2066773 - The /tmp/v2v.XXXX directory has incorrect permissions when v2v is run by root
  • BZ - 2069768 - Import of OVA fails if the user/group name contains spaces
  • BZ - 2070186 - fix virtio-vsock check (for Linux guests) in virt-v2v
  • BZ - 2070530 - Virt-v2v can’t convert guest when os is installed on nvme disk via vmx+ssh
  • BZ - 2074026 - Remove -o json option
  • BZ - 2074801 - do not pass "--non-bootable --read-write" to "volume create" in openstack output module
  • BZ - 2074805 - -o qemu mode fails with: qemu-system-x86_64: -balloon: invalid option and other problems
  • BZ - 2076013 - RHEL9.1 guest can’t boot into OS after v2v conversion
  • BZ - 2082603 - virt-v2v -o qemu prints cosmetic warning: “warning: short-form boolean option ‘readonly’ deprecated”
  • BZ - 2094779 - missing python dependency in rhel9.1
  • BZ - 2100862 - CVE-2022-2211 libguestfs: Buffer overflow in get_keys leads to DoS
  • BZ - 2101665 - “/dev/nvme0n1” is not remapped to “/dev/vda” (etc) in boot config files such as “/boot/grub2/device.map”
  • BZ - 2107503 - RHEL 8.6 VM with “qemu64” CPU model can’t start because “the CPU is incompatible with host CPU: Host CPU does not provide required features: svm”
  • BZ - 2112801 - RHEL9 guest hangs during boot after conversion by virt-p2v
  • BZ - 2116811 - virt-v2v: error: internal error: assertion failed at linux_kernels.ml, line 190, char 11

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

virt-v2v-2.0.7-6.el9.src.rpm

SHA-256: e6984595278d2d9e8a0547418ef0e01083d9e46aa0b74cfb1ca2d09895aa9ee3

x86_64

virt-v2v-2.0.7-6.el9.x86_64.rpm

SHA-256: 6689b66cc419a746a1a2ec76e263dcd2d8278d12507038c1a94ca17311814f4e

virt-v2v-bash-completion-2.0.7-6.el9.noarch.rpm

SHA-256: f9a9076aa6e76bfbd96b7b08ab0a6e155b5155b61900867fd92ddddee12676ac

virt-v2v-debuginfo-2.0.7-6.el9.x86_64.rpm

SHA-256: 51c2956b0c1c2f192e92667cafaea9850153371b96f625870a81682c442e4d8b

virt-v2v-debugsource-2.0.7-6.el9.x86_64.rpm

SHA-256: 63cecca486b7d280fb11e4d8795e98df4491d9587d1c9472e6d9f1725a710951

Red Hat CodeReady Linux Builder for x86_64 9

x86_64

virt-v2v-man-pages-ja-2.0.7-6.el9.noarch.rpm

SHA-256: 3b4734fe2d66dfc6907af995a3b1ed1b4c5ce83ce690cf02255e8eae7ceac329

virt-v2v-man-pages-uk-2.0.7-6.el9.noarch.rpm

SHA-256: 8cd9076fc853e79a65b0bbf213dbaa24f0b07357c7ce4bb63f2ec98be4030ab9
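Two checks a practitioner wants to run against this advisory are whether the installed virt-v2v build is at or above the fixed release (2.0.7-6.el9) and whether downloaded RPMs match the SHA-256 sums listed above. The following is an added Python example, not Red Hat tooling: the hashes are copied from the package list above, `rpmvercmp()` is a simplified port of RPM's version ordering (digit/alpha segments only; tilde and caret handling is omitted), and the fixed EVR assumes epoch 1 (the package file names omit the epoch; BZ 2064178 above names `virt-v2v-1:2.0.0-1.el9`, so adjust if `rpm -q` reports otherwise).

```python
"""Check a RHEL 9 host against RHSA-2022:7968 (added example, not Red Hat's own tooling)."""
import hashlib
import os
import re
import subprocess
import sys

# Package file names and SHA-256 sums copied from the advisory's "Updated Packages" section.
ADVISORY_SHA256 = {
    "virt-v2v-2.0.7-6.el9.src.rpm": "e6984595278d2d9e8a0547418ef0e01083d9e46aa0b74cfb1ca2d09895aa9ee3",
    "virt-v2v-2.0.7-6.el9.x86_64.rpm": "6689b66cc419a746a1a2ec76e263dcd2d8278d12507038c1a94ca17311814f4e",
    "virt-v2v-bash-completion-2.0.7-6.el9.noarch.rpm": "f9a9076aa6e76bfbd96b7b08ab0a6e155b5155b61900867fd92ddddee12676ac",
    "virt-v2v-debuginfo-2.0.7-6.el9.x86_64.rpm": "51c2956b0c1c2f192e92667cafaea9850153371b96f625870a81682c442e4d8b",
    "virt-v2v-debugsource-2.0.7-6.el9.x86_64.rpm": "63cecca486b7d280fb11e4d8795e98df4491d9587d1c9472e6d9f1725a710951",
    "virt-v2v-man-pages-ja-2.0.7-6.el9.noarch.rpm": "3b4734fe2d66dfc6907af995a3b1ed1b4c5ce83ce690cf02255e8eae7ceac329",
    "virt-v2v-man-pages-uk-2.0.7-6.el9.noarch.rpm": "8cd9076fc853e79a65b0bbf213dbaa24f0b07357c7ce4bb63f2ec98be4030ab9",
}

# Fixed build from the advisory. Assumption: epoch 1 (file names omit it; BZ 2064178 names
# virt-v2v-1:2.0.0-1.el9). Verify with `rpm -q` on the target host.
FIXED_EVR = "1:2.0.7-6.el9"


def _segments(s):
    """Split a version string into RPM-style digit and alpha segments."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified RPM version ordering: -1 if a < b, 0 if equal, 1 if a > b.

    Numeric segments compare as integers, alpha segments lexically, a numeric
    segment beats an alpha one, and a string with segments left over is newer.
    Tilde/caret pre-release handling is deliberately omitted.
    """
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def parse_evr(evr):
    """'1:2.0.7-6.el9' -> (1, '2.0.7', '6.el9'); rpm prints '(none)' for an unset epoch."""
    if ":" in evr:
        epoch_str, rest = evr.split(":", 1)
    else:
        epoch_str, rest = "0", evr
    epoch = 0 if epoch_str == "(none)" else int(epoch_str)
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(a, b):
    """Compare two epoch:version-release strings; epoch dominates, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = rpmvercmp(va, vb)
    return c if c else rpmvercmp(ra, rb)


def is_fixed(installed, fixed=FIXED_EVR):
    """True when the installed EVR is at or above the advisory's fixed build."""
    return evr_cmp(installed, fixed) >= 0


def installed_evr(package="virt-v2v"):
    """Ask rpm for epoch:version-release of an installed package; None if absent."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}", package],
                             capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.strip() if out.returncode == 0 else None


def sha256_matches(data, expected_hex):
    """True when the SHA-256 of `data` equals the expected hex digest."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def verify_rpm_file(path, name=None):
    """Check a downloaded RPM against the advisory list: True/False, or None if not listed."""
    name = name or os.path.basename(path)
    expected = ADVISORY_SHA256.get(name)
    if expected is None:
        return None
    with open(path, "rb") as f:
        return sha256_matches(f.read(), expected)


if __name__ == "__main__":
    evr = installed_evr()
    print("virt-v2v installed:", evr, "fixed:" if evr and is_fixed(evr) else "NOT fixed")
    for rpm_path in sys.argv[1:]:
        print(rpm_path, {True: "hash OK", False: "HASH MISMATCH", None: "not in advisory"}[verify_rpm_file(rpm_path)])
```

Run it with the downloaded RPM paths as arguments; a `HASH MISMATCH` means the file is not the build the advisory describes and should not be installed.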

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-7959-01

Red Hat Security Advisory 2022-7959-01 - guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Issues addressed include buffer overflow and denial of service vulnerabilities.

RHSA-2022:7958: Red Hat Security Advisory: libguestfs security, bug fix, and enhancement update

An update for libguestfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS

RHSA-2022:7959: Red Hat Security Advisory: guestfs-tools security, bug fix, and enhancement update

An update for guestfs-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS

RHSA-2022:7472: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3507: QEMU: fdc: heap buffer overflow in DMA read data transfers
  • CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
  • CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS
  • CVE-2022-23645: swtpm: Unchecked header size indicator against expected size

CVE-2022-2211: Red Hat Customer Portal

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, triggered either by mistake or by a malicious actor.