Issued:
2022-11-15
Updated:
2022-11-15

RHSA-2022:7968 - Security Advisory

Synopsis

Low: virt-v2v security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for virt-v2v is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible.

Security Fix(es):

  • libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64

Fixes

  • BZ - 1684075 - Virt-v2v can't convert a guest from VMware via nbdkit-vddk if original guest disk address is irregular
  • BZ - 1774386 - input_vmx: cleanly reject guests with snapshots when using "-it ssh"
  • BZ - 1788823 - Virt-v2v firstboot scripts should run in order, with v2v network configuration happening first
  • BZ - 1817050 - Can't convert guest from VMware with non-admin account and vddk >=7.0 by virt-v2v
  • BZ - 1848862 - There is nbdkit curl error info if convert a guest from VMware without vddk by administrator account
  • BZ - 1854275 - document that vmx+ssh "-ip" auth doesn't cover ssh / scp shell commands
  • BZ - 1868048 - [RFE]virt-v2v should install qemu-ga on debian guest during the conversion
  • BZ - 1883802 - -i vmx: SATA disks are not parsed
  • BZ - 1985830 - Start or remove VM failure even v2v has already finished
  • BZ - 2003503 - There is virt-v2v warning: fstrim on guest filesystem /dev/mapper/osprober-linux-sdb1 failed if non-os disk of source guest has few/no inodes lef
  • BZ - 2028764 - Install the qemu-guest-agent package during the conversion process
  • BZ - 2039597 - Failed to import VM when selecting OVA as a source on RHV webadmin
  • BZ - 2047660 - Add '--compressed' support in modular v2v
  • BZ - 2051564 - [RFE]Limiting the maximum number of disks per guest for v2v conversions
  • BZ - 2059287 - RFE: Rebase virt-v2v to 2.0 in RHEL 9.1
  • BZ - 2062360 - RFE: Virt-v2v should replace hairy "enable LEGACY crypto" advice which a more targeted mechanism
  • BZ - 2064178 - nothing provides openssh-clients >= 8.8p1 needed by virt-v2v-1:2.0.0-1.el9.x86_64
  • BZ - 2066773 - The /tmp/v2v.XXXX directory has incorrect permisison if run v2v by root
  • BZ - 2069768 - Import of OVA fails if the user/group name contains spaces
  • BZ - 2070186 - fix virtio-vsock check (for Linux guests) in virt-v2v
  • BZ - 2070530 - Virt-v2v can't convert guest when os is installed on nvme disk via vmx+ssh
  • BZ - 2074026 - Remove -o json option
  • BZ - 2074801 - do not pass "--non-bootable --read-write" to "volume create " in openstack output module
  • BZ - 2074805 - -o qemu mode fails with: qemu-system-x86_64: -balloon: invalid option and other problems
  • BZ - 2076013 - RHEL9.1 guest can't boot into OS after v2v conversion
  • BZ - 2082603 - virt-v2v -o qemu prints cosmetic warning: "warning: short-form boolean option 'readonly' deprecated"
  • BZ - 2094779 - missing python dependency in rhel9.1
  • BZ - 2100862 - CVE-2022-2211 libguestfs: Buffer overflow in get_keys leads to DoS
  • BZ - 2101665 - "/dev/nvme0n1" is not remapped to "/dev/vda" (etc) in boot config files such as "/boot/grub2/device.map"
  • BZ - 2107503 - RHEL 8.6 VM with "qemu64" CPU model can't start because "the CPU is incompatible with host CPU: Host CPU does not provide required features: svm"
  • BZ - 2112801 - RHEL9 guest hangs during boot after conversion by virt-p2v
  • BZ - 2116811 - virt-v2v: error: internal error: assertion failed at linux_kernels.ml, line 190, char 11

Red Hat Enterprise Linux for x86_64 9

SRPM
virt-v2v-2.0.7-6.el9.src.rpm SHA-256: e6984595278d2d9e8a0547418ef0e01083d9e46aa0b74cfb1ca2d09895aa9ee3
x86_64
virt-v2v-2.0.7-6.el9.x86_64.rpm SHA-256: 6689b66cc419a746a1a2ec76e263dcd2d8278d12507038c1a94ca17311814f4e
virt-v2v-bash-completion-2.0.7-6.el9.noarch.rpm SHA-256: f9a9076aa6e76bfbd96b7b08ab0a6e155b5155b61900867fd92ddddee12676ac
virt-v2v-debuginfo-2.0.7-6.el9.x86_64.rpm SHA-256: 51c2956b0c1c2f192e92667cafaea9850153371b96f625870a81682c442e4d8b
virt-v2v-debugsource-2.0.7-6.el9.x86_64.rpm SHA-256: 63cecca486b7d280fb11e4d8795e98df4491d9587d1c9472e6d9f1725a710951

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
virt-v2v-man-pages-ja-2.0.7-6.el9.noarch.rpm SHA-256: 3b4734fe2d66dfc6907af995a3b1ed1b4c5ce83ce690cf02255e8eae7ceac329
virt-v2v-man-pages-uk-2.0.7-6.el9.noarch.rpm SHA-256: 8cd9076fc853e79a65b0bbf213dbaa24f0b07357c7ce4bb63f2ec98be4030ab9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.