[El-errata] ELSA-2013-1536 Moderate: Oracle Linux 6 libguestfs security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Nov 27 09:59:30 PST 2013 

Oracle Linux Security Advisory ELSA-2013-1536

https://rhn.redhat.com/errata/RHSA-2013-1536.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:

x86_64:
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libguestfs-1.20.11-2.el6.src.rpm



Description of changes:

[1:1.20.11-2]
- Fix CVE-2013-4419: insecure temporary directory handling for
   guestfish's network socket
   resolves: rhbz#1019737

[1:1.20.11-1]
- Rebase to libguestfs 1.20.11.
   resolves: rhbz#958183
- Remove buildnet: builds now detect network automatically.
- The rhel-6.x branches containing the patches used in RHEL are
   now stored on a public git repository
   (https://github.com/libguestfs/libguestfs/branches).
- Compare spec file to Fedora 18 and fix where necessary.
- Backport new APIs part-get-gpt-type and part-set-gpt-type
   resolves: rhbz#965495
- Fix DoS (abort) due to a double free flaw when inspecting certain guest
   files / images (CVE-2013-2124)
   resolves: rhbz#968337
- libguestfs-devel should depend on an explicit version of
   libguestfs-tools-c, in order that the latest package is pulled in.
- Rebuild against Augeas >= 1.0.0-5
   resolves: rhbz#971207
- Backport Windows inspection changes
   resolves: rhbz#971090
- Add back state test commands to guestfish
   resolves: rhbz#971664
- Work around problem with ntfsresize command in RHEL 6
   resolves: rhbz#971326
- Fix txz-out API
   resolves: rhbz#972413
- Move virt-sysprep to the libguestfs-tools-c package since it's no longer
   a shell script
   resolves: rhbz#975572
- Fix hostname inspection because of faulty Augeas path expression
   resolves: rhbz#975377
- Calculate appliance root correctly when iface drives are added
   resolves: rhbz#975760
- Add notes about resizing Windows disk images to virt-resize documentation
   resolves: rhbz#975753
- Remove dependency on lsscsi, not available in 6Client
   resolves: rhbz#973425
- Fix yum cache copy so it works if there are multiple repos
   resolves: rhbz#980502
- Fix hivex-commit API to fail with relative paths
   resolves: rhbz#980372
- Better documentation for filesystem-available API
   resolves: rhbz#980358
- Fix double free when kernel link fails during launch
   resolves: rhbz#983690
- Fix virt-sysprep --firstboot option
   resolves: rhbz#988863
- Fix cap-get-file so it returns empty string instead of error on no cap
   resolves: rhbz#989352
- Better documentation for acl-set-file
   resolves: rhbz#985269
- Fix bogus waitpid error when using guestfish --remote
   resolves: rhbz#996825
- Disable 9p support
   resolves: rhbz#997884
- Document that guestfish --remote doesn't work with certain other arguments
   resolves: rhbz#996039
- Enable kvmclock in the appliance to reduce clock instability
   resolves: rhbz#998108
- Fix 'sh' command before mount causes daemon to segfault
   resolves: rhbz#1000122
- Various fixes to tar-out 'excludes' (RHBZ#1001875)
- Document use of glob + rsync-out (RHBZ#1001876)
- Document mke2fs blockscount (RHBZ#1002032)

[1:1.16.34-2]
- Bump and rebuild to fix RHBZ#883559.

[1:1.16.34-1]
- Rebase to latest stable-1.16 branch version libguestfs 1.16.34.
- Include missing patch which adds <locale.h> to fuse/guestmount.c
   resolves: rhbz#883338
- Fix link to engineering git repo.
- Add workaround for bug in yum: RHBZ#883463.

[1:1.16.32-4]
- Fix: virt-df with two -a options displays incorrect disk image name
   resolves: rhbz#880805

[1:1.16.32-3]
- Set permissions of .guestfish files in home directories to 0600
   resolves: rhbz#843068
- Ignore /etc/release if /etc/redhat-release exists
   resolves: rhbz#872454

[1:1.16.32-2]
- Rebase to libguestfs 1.16.32 which includes a fix for inspection
   of Windows guests.
   resolves: rhbz#858126
- Skip test-mdadm.sh.

[1:1.16.31-4]
- Fix inspection of Windows guests (RHBZ#858126).
- Fix list-devices when different drive interfaces are used (RHBZ#858128).

[1:1.16.31-3]
- Add dependency on fuse.
   resolves: rhbz#836501
- Clarify the error message from resize2fs-M.
   resolves: rhbz#801640
- Increase limit on size of Windows registry for inspection (RHBZ#852396).
- Change virt-sparsify to work with old 'file' command (RHBZ#853763).
- Enable tests by adding an LD_PRELOAD workaround for RHBZ#563103.
- Tidy up comments in the check section.

[1:1.16.31-1]
- Rebase to libguestfs 1.16.31.
- Backport mount-local feature.
   resolves: rhbz#830135
- Include copy-patches.sh shell script.
- Simplify .gitignore.

More information about the El-errata mailing list