Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: libguestfs-1.20.12-1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Sunday 27th October 2013 03:58:59 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-19452
2013-10-19 07:31:18
--------------------------------------------------------------------------------

Name        : libguestfs
Product     : Fedora 18
Version     : 1.20.12
Release     : 1.fc18
URL         : http://libguestfs.org/
Summary     : Access and modify virtual machine disk images
Description :
Libguestfs is a library for accessing and modifying guest disk images.
Amongst the things this is good for: making batch configuration
changes to guests, getting disk used/free statistics (see also:
virt-df), migrating between virtualization systems (see also:
virt-p2v), performing partial backups, performing partial guest
clones, cloning guests and changing registry/UUID/hostname info, and
much else besides.

Libguestfs uses Linux kernel and qemu code, and can access any type of
guest filesystem that Linux and qemu can, including but not limited
to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition
schemes, qcow, qcow2, vmdk.

Libguestfs provides ways to enumerate guest storage (eg. partitions,
LVs, what filesystem is in each LV, etc.).  It can also run commands
in the context of the guest.

Libguestfs is a library that can be linked with C and C++ management
programs.

For high level virt tools, guestfish (shell scripting and command line
access), and guestmount (mount guest filesystems using FUSE), install
'libguestfs-tools'.

For shell scripting and command line access, install 'guestfish'.

To mount guest filesystems on the host using FUSE, install
'libguestfs-mount'.

For Erlang bindings, install 'erlang-libguestfs'.

For GObject bindings and GObject Introspection, install
'libguestfs-gobject-devel'.

For Java bindings, install 'libguestfs-java-devel'.

For Lua bindings, install 'lua-guestfs'

For OCaml bindings, install 'ocaml-libguestfs-devel'.

For Perl bindings, install 'perl-Sys-Guestfs'.

For PHP bindings, install 'php-libguestfs'.

For Python bindings, install 'python-libguestfs'.

For Ruby bindings, install 'ruby-libguestfs'.

--------------------------------------------------------------------------------
Update Information:

New upstream stable branch version 1.20.12, fixing CVE-2013-4419.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 17 2013 Richard W.M. Jones  - 1:1.20.12-1
- New upstream version 1.20.12.
* Tue Aug 27 2013 Richard W.M. Jones  - 1:1.20.11-1
- New stable branch version 1.20.11.
* Fri Jul 26 2013 Richard W.M. Jones  - 1:1.20.10-1
- New stable branch version 1.20.10.
- Remove patch, now upstream.
* Thu Jul 11 2013 Richard W.M. Jones  - 1:1.20.9-3
- Rebuild against new dosfstools.
- Include upstream patch to fix double-free if appliance
  building fails (RHBZ#983218).
* Fri Jul  5 2013 Richard W.M. Jones  - 1:1.20.9-2
- Bump and rebuild.
* Fri Jun 14 2013 Richard W.M. Jones  - 1:1.20.9-1
- New upstream stable branch version 1.20.9.
* Mon Jun  3 2013 Richard W.M. Jones  - 1:1.20.8-1
- New upstream stable branch version 1.20.8.
  This contains a complete fix for CVE-2013-2124.
* Tue May 28 2013 Richard W.M. Jones  - 1:1.20.7-1
- New upstream stable branch version 1.20.7.
- Remove 3x patches which are now upstream.
* Tue May 28 2013 Richard W.M. Jones  - 1:1.20.6-3
- Fix a denial-of-service (double-free) which can be forced by guests.
  https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
* Mon Apr 29 2013 Richard W.M. Jones  - 1:1.20.6-2
- Fix broken quoting in tar-out and base64-out commands (RHBZ#957797).
* Thu Apr 11 2013 Richard W.M. Jones  - 1:1.20.6-1
- New upstream stable branch version 1.20.6.
- This includes a full fix for RHBZ#948324.
* Tue Apr  9 2013 Richard W.M. Jones  - 1:1.20.5-2
- Add a dependency on libosinfo (partial fix for RHBZ#948324).
* Sun Mar 31 2013 Richard W.M. Jones  - 1:1.20.5-1
- New upstream stable branch version 1.20.5.
- Remove ruby vendor patch.
- Set INSTALLDIRS=vendor on both make and make install rules.
* Wed Mar 13 2013 Richard W.M. Jones  - 1:1.20.4-1
- New upstream stable branch version 1.20.4.
* Tue Mar  5 2013 Richard W.M. Jones  - 1:1.20.3-1
- New upstream stable branch version 1.20.3.
* Fri Feb 15 2013 Richard W.M. Jones  - 1:1.20.2-4
- Disable xfs_growfs test because xfs is broken on F18 (see RHBZ#909602).
- Disable virt-make-fs using btrfs (because of RHBZ#863978).
- Depend on openjdk instead of GCJ-based java.
- Add libguestfs-gobject-1.0.pc.
- Add explicit dependency on libcap, needed by the appliance.
* Thu Feb 14 2013 Richard W.M. Jones  - 1:1.20.2-2
- New upstream stable branch version 1.20.2.
* Fri Jan 18 2013 Richard W.M. Jones  - 1:1.20.1-3
- Bump and rebuild.
* Thu Dec 20 2012 Richard W.M. Jones  - 1:1.20.1-2
- New upstream stable branch version 1.20.1.
- Remove all RHEL-specific hacks since I've now branched RHEL 7.
- Add BR yajl-devel (RHBZ#887812).
* Mon Dec 17 2012 Richard W.M. Jones  - 1:1.20.0-2
- Use 'make check -k' so we get to see all test failures at once.
- For RHEL 7:
  * Do not depend on perl(Expect) (only needed to test virt-rescue).
  * Depend on /usr/bin/qemu-img instead of qemu-img package, since the
    package name (but not the binary) is different in RHEL 7.
  * Add workaround for libvirt/KVM bug RHBZ#878406.
  * Do not depend on libvirt-daemon-qemu.
  * Do not depend on libldm (not yet in RHEL 7: RHBZ#887894).
* Thu Dec 13 2012 Richard W.M. Jones  - 1:1.20.0-1
- New upstream version 1.20.0.
- New source URL for this branch.
- Reconcile upstream packagelist, BRs and Requires lists.
- Requires newest SELinux policy so that SVirt works.
- Fix patch 2.  Actually, remove and replace with a small script.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016960 - CVE-2013-4419 libguestfs: insecure temporary
directory handling for guestfish's network socket
        https://bugzilla.redhat.com/show_bug.cgi?id=1016960
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libguestfs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 8ms