5.148. libguestfs
Updated libguestfs packages that fix one security issue, multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The libguestfs package contains a library for accessing and modifying guest disk images.
Note
The libguestfs package has been upgraded to upstream version 1.16, which provides a number of bug fixes and enhancements over the previous version. (BZ#719879)
Security Fix
- CVE-2012-2690
- It was found that editing files with virt-edit left said files in a world-readable state (and did not preserve the file owner or Security-Enhanced Linux context). If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to.
Bug Fixes
- BZ#647174
- When cloning, the virt-clone tool incorrectly adopted some of the properties of the original virtual machine image, for example, the udev rules for network interface: the clone was then created with a NIC identical to the NIC of the original virtual machine NIC. With this update, the virt-sysprep and virt-sparsify tools have been added to solve this problem. The virt-sysprep tool can erase the state from guests, and virt-sparsify can make guest images sparse. Users are advised to use virt-sysprep and virt-sparsify either as a replacement for or in conjunction with virt-clone.
- BZ#789960
- The
libguestfs
daemon terminated unexpectedly when it attempted to mount a non-existent disk. This happened because libguestfs returned an unexpected error to any program that accidentally tried to mount a non-existent disk and all further operations intended to handle such a situation failed. With this update,libguestfs
returns an appropriate error message and remains stable in the scenario described. - BZ#790958
- If two threads in one program called the
guestfs_launch()
function at the same time, an unexpected error could be returned. The respective code in the libguestfs library has been modified to be thread-safe in this scenario and the library can be used from multi-threaded programs with more than one libguestfs handle. - BZ#769359
- After a block device was closed, the udev device manager triggered a process which re-opened the block device. Consequently, libguestfs operations occasionally failed as they rely on the disk being immediately free for the kernel to re-read the partition table. This commonly occurred with the virt-resize feature. With this update, the operations now wait for the udev action to finish and no longer fail in the scenario described.
- BZ#809401
- In Fedora 17, the
/bin
directory is a symbolic link, while it was a directory in previous releases. Due to this change, libguestfs could not inspect a guest with Fedora 17 and newer. With this update, the libguestfs inspection has been changed so that it now recognizes such guests as expected. - BZ#729076
- Previously, libguestfs considered any disk that contained
autoexec.bat
orboot.ini
orntldr
file in its root a candidate for a Windows root disk. If a guest had an HP recovery partition, libguestfs could not recognize the HP recovery partition and handled the system as being dual-boot. Consequently, some virt tools did not work as they do not support multi-boot guests. With this update, libguestfs investigates a potential Windows root disk properly and no longer recognizes the special HP recovery partition as a Windows root disk. - BZ#811673
- If launching of certain appliances failed, libguestfs did not set the error string. As Python programs handling the bindings assumed that the error string was not
NULL
, the binding process terminated unexpectedly with a segmentation fault when theg.launch()
function was called under some circumstances. With this update, the error string is now set properly on all failure paths in the described scenario and Python programs no longer terminate with a segmentation fault when calling theg.launch()
function under these circumstances. - BZ#812092
- The qemu emulator cannot open disk image files that contain the colon character (
:
). Previously, libguestfs resolved the link to the disk image before sending it to qemu. If the resolved link contained the colon character, qemu failed to run. Also, libguestfs sometimes failed to open a disk image file under these circumstances due to incorrect handling of special characters. With this update, libguestfs no longer resolves a link to a disk image before sending it to qemu and is able to handle any filenames, except for filenames that contain a colon character. Also, libguestfs now returns correct diagnostic messages when presented with a filename that contains a colon character.
Enhancements
- BZ#741183
- The libguestfs application now provides the virt-alignment-scan tool and updated virt-resize, which can diagnose unaligned partitions on a guest, so that you can fix the problem and improve the partitions' performance. For more information, refer to the virt-alignment-scan(1) and virt-resize(1) manual pages.
- BZ#760221
- Previously, libguestfs operations could not handle paths to HP Smart Array (cciss) devices. When the virt-p2v tool converted a physical machine that uses Linux software RAID devices to run in a VM, the libguestfs inspection failed to handle the paths in the /etc/fstab file. With this update, support for such cciss paths has been added and the virt-p2v tool is now able to successfully convert these guests.
- BZ#760223
- When the virt-p2v tool converted a physical machine that uses Linux software RAID devices to run in a VM, the libguestfs inspection failed to handle the paths in the
/etc/fstab
file. With this update, support for such RAID paths has been added and the virt-p2v tool is now able to successfully convert these guests.
Users of libguestfs should upgrade to these updated packages, which fix these issues and add these enhancements.