libguestfs, ocaml, perl, python, ruby security update

Advisory: CESA-2017:0564
Source: CentOS Project (lists.centos.org)
Published: 2017-03-24 15:35:07

CVSS2: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVSS3: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: HIGH

EPSS: 0.022 (Percentile: 89.5%)

CentOS Errata and Security Advisory CESA-2017:0564

The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.

Security Fix(es):

  • An integer conversion flaw was found in the way OCaml’s String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)

Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-March/030092.html

Affected packages:
libguestfs
libguestfs-devel
libguestfs-java
libguestfs-java-devel
libguestfs-javadoc
libguestfs-tools
libguestfs-tools-c
ocaml-libguestfs
ocaml-libguestfs-devel
perl-Sys-Guestfs
python-libguestfs
ruby-libguestfs

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:0564
