--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-10960
2010-07-13 06:42:13
--------------------------------------------------------------------------------

Name        : libvirt
Product     : Fedora 13
Version     : 0.8.2
Release     : 1.fc13
URL         : http://libvirt.org/
Summary     : Library providing a simple API virtualization
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.

--------------------------------------------------------------------------------
Update Information:

A reboot is required to update the iptables rules for the default virtual
network to address CVE-2010-2242.

All disk format probing is now disabled in a default installation of libvirt.
This change may prevent KVM guests using qcow2 disks from booting successfully.
If this occurs, verify that the guest XML <disk> element has explicitly
requested use of the qcow2 data format via the <driver> element:

    <driver name='qemu' type='qcow2'/>

If the qcow2 is using an external backing file, it may be necessary to
re-create the qcow2 file, explicitly specifying the backing store format with
the '-o' option:

    qemu-img create -f qcow2 -b master.qcow2 -o backing_fmt=qcow2 newdisk.qcow2

If this is not possible, disk format probing can be re-enabled via
/etc/libvirt/qemu.conf:

    allow_disk_format_probing = 1

NB, enabling disk format probing has security consequences as per the linked
CVEs.
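
One way to run the check described in the update information above, as an added example that is not part of the Fedora notice or of libvirt's own code. It lists guest disks whose <driver> element carries no explicit format and reports whether probing has been re-enabled; the guest XML, the qemu.conf text and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample guest XML (assumption: not taken from a real host).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <target dev='vda'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu'/>
      <target dev='vdb'/>
    </disk>
    <disk type='file' device='disk'>
      <target dev='vdc'/>
    </disk>
  </devices>
</domain>
"""

# Constructed sample qemu.conf text: one commented line, one active line.
SAMPLE_QEMU_CONF = """
# allow_disk_format_probing = 0
allow_disk_format_probing = 1
"""

def disks_without_format(domain_xml):
    """Return target names of <disk> elements with no <driver type='...'>."""
    root = ET.fromstring(domain_xml)
    missing = []
    for disk in root.findall("./devices/disk"):
        driver = disk.find("driver")
        fmt = driver.get("type") if driver is not None else None
        if not fmt:  # no <driver> at all, or <driver> without a type
            target = disk.find("target")
            missing.append(target.get("dev") if target is not None else "?")
    return missing

def probing_enabled(conf_text):
    """True if any uncommented allow_disk_format_probing line is non-zero."""
    pat = re.compile(r"^[ \t]*allow_disk_format_probing[ \t]*=[ \t]*(\d+)", re.M)
    return any(int(value) != 0 for value in pat.findall(conf_text))

if __name__ == "__main__":
    print("disks with no explicit format:", disks_without_format(SAMPLE_DOMAIN_XML))
    print("format probing re-enabled:", probing_enabled(SAMPLE_QEMU_CONF))
```

On a real host the same functions can be fed the output of 'virsh dumpxml' for each guest and the contents of /etc/libvirt/qemu.conf.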

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 17 2010 Cole Robinson <[email protected]> - 0.7.7-5.fc13
- Add qemu.conf options for audio workaround
- Fix parsing certain USB sysfs files (bz 598272)
- Sanitize pool target paths (bz 494005)
- Add qemu.conf for clear emulator capabilities
- Prevent libvirtd inside a VM from breaking network access (bz 235961)
- Mention --all in 'virsh list' docs (bz 575512)
- Initscript fixes (bz 565238)
- List wireless interfaces via nodedev-list (bz 596928)
* Tue May 18 2010 Cole Robinson <[email protected]> - 0.7.7-4.fc13
- Fix nodedev XML conversion errors (bz 591262)
- Fix PCI xml decimal parsing (bz 582752)
- Fix CDROM media connect/eject (bz 582005)
- Always report qemu startup output on error (bz 581381)
- Fix crash from 'virsh dominfo' if secdriver disabled (bz 581166)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #607810 - CVE-2010-2237 libvirt: ignoring defined main disk format when looking up disk backing stores
        https://bugzilla.redhat.com/show_bug.cgi?id=607810
  [ 2 ] Bug #607811 - CVE-2010-2238 libvirt: ignoring defined disk backing store format when recursing into disk image backing stores
        https://bugzilla.redhat.com/show_bug.cgi?id=607811
  [ 3 ] Bug #607812 - CVE-2010-2239 libvirt: not setting user defined backing store format when creating new image
        https://bugzilla.redhat.com/show_bug.cgi?id=607812
  [ 4 ] Bug #602455 - CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for obtaining privileged resources on the host
        https://bugzilla.redhat.com/show_bug.cgi?id=602455
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libvirt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
