[SECURITY] Fedora 13 Update: libguestfs-1.6.0-1.fc13.1

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 11 22:20:43 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17202
2010-11-03 20:29:00
--------------------------------------------------------------------------------

Name        : libguestfs
Product     : Fedora 13
Version     : 1.6.0
Release     : 1.fc13.1
URL         : http://libguestfs.org/
Summary     : Access and modify virtual machine disk images
Description :
Libguestfs is a library for accessing and modifying guest disk images.
Amongst the things this is good for: making batch configuration
changes to guests, getting disk used/free statistics (see also:
virt-df), migrating between virtualization systems (see also:
virt-p2v), performing partial backups, performing partial guest
clones, cloning guests and changing registry/UUID/hostname info, and
much else besides.

Libguestfs uses Linux kernel and qemu code, and can access any type of
guest filesystem that Linux and qemu can, including but not limited
to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition
schemes, qcow, qcow2, vmdk.

Libguestfs provides ways to enumerate guest storage (eg. partitions,
LVs, what filesystem is in each LV, etc.).  It can also run commands
in the context of the guest.

Libguestfs is a library that can be linked with C and C++ management
programs.

See also the 'guestfish' package for shell scripting and command line
access, and 'libguestfs-mount' for mounting guest filesystems on the
host using FUSE.

For Perl bindings, see 'perl-libguestfs'.

For OCaml bindings, see 'ocaml-libguestfs-devel'.

For Python bindings, see 'python-libguestfs'.

For Ruby bindings, see 'ruby-libguestfs'.

For Java bindings, see 'libguestfs-java-devel'.

For PHP bindings, see 'php-libguestfs'.

--------------------------------------------------------------------------------
Update Information:

This update moved from the heavily patched version of
stable 1.4 that we offered previously in Fedora 13, to the
new stable branch 1.6.  Please note the low-risk security
problem which is fixed in this release.

CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html

Fix networking in the appliance.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  2 2010 Richard Jones <rjones at redhat.com> - 1:1.6.0-1.fc13.1
- Move to the new upstream stable branch, version 1.6.0.  Despite the
  apparent version number jump, this is similar to the heavily patched
  version that we were shipping before, but with many bugs fixed.
- Includes fix for libguestfs: missing disk format specifier when adding a disk
  (RHBZ#642934, CVE-2010-3851).
- Backport blockdev --rereadpt test fix.
* Thu Oct 28 2010 Marek Goldmann <mgoldman at redhat.com> - 1:1.4.3-5
- Fix networking in the appliance.
* Fri Aug 27 2010 Richard Jones <rjones at redhat.com> - 1:1.4.3-4
- Change the mirror so local builds use Fedora 13 repo.
* Fri Aug 27 2010 Richard Jones <rjones at redhat.com> - 1:1.4.3-3
- Use bug-fixed febootstrap 2.9.
* Fri Aug 27 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.3-2
- Patch program doesn't restore permissions on new files correctly, so
  chmod the new files by hand.
* Fri Aug 27 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.3-1
- New stable branch version 1.4.3.
- Backport major features from development branch, see:
  https://www.redhat.com/archives/libguestfs/2010-August/msg00143.html
- Run autoreconf by hand after prepping.
- Run the generator by hand before building.
* Tue Aug 17 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.2-1.1
- New stable branch version 1.4.2.
- Workaround bug that still exists in Gnulib test getlogin_r.
* Tue Jul 20 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.1-1.2
- Requires binutils (RHBZ#616437).
* Mon Jul 19 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.1-1.1
- Fix libguestfs-find-requires.sh for new location of hostfiles (RHBZ#615946).
* Mon Jul 12 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.1-1
- New stable branch version 1.4.1.
* Thu Jul  8 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.0-2
- Include RELEASE-NOTES in devel package.
* Thu Jul  8 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.4.0-1
- New upstream stable branch 1.4.0.
- Uses febootstrap-supermin-helper, and a different way of constructing
  the supermin appliance.
- Remove aug_clear patch, since this is included in 1.4 branch.
- Update BRs and Requires by comparing with Rawhide.
- New tool: virt-make-fs.
- New bash completion script.
* Thu Jul  1 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.9-3
- Add development aug_clear API call, needed by virt-v2v.
* Tue Jun  8 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.9-2
- Bump and rebuild for new openssl.
* Wed Jun  2 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.9-1
- New stable version 1.2.9.
- Fixes bugs 598807, 598309, 597145, 597135, 597118, 596776, 582993.
* Mon May 24 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.8-1
- New upstream branch version 1.2.8.
- Fixes RHBZ#501894.
* Thu May 20 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.7-2.1
- Bump and rebuild.
* Mon May 17 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.7-2
- New upstream stable branch version 1.2.7.
- Add BUGS file to documentation section.
* Fri May 14 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.6-1
- New upstream stable branch version 1.2.6.
* Fri Apr 30 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.5-2
- New upstream stable branch version 1.2.5.
- Contains a documentation fix for RHBZ#587582.
- Fixes: lvresize: Use --force so it can make LVs smaller (RHBZ#587484).
* Fri Apr 23 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.4-1
- New upstream stable branch version 1.2.4.
* Tue Apr 20 2010 Richard W.M. Jones <rjones at redhat.com> - 1:1.2.3-1
- New upstream stable branch version 1.2.3.
- Fixes: 582548, 583554, 582948, 582901, 582929, 582899, 582953,
  578407.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643958 - CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
        https://bugzilla.redhat.com/show_bug.cgi?id=643958
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libguestfs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list