RHSA-2022:7968 - Security Advisory

Topic

An update for virt-v2v is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible.

Security Fix(es):

• libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 9 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
• Red Hat Enterprise Linux Server - AUS 9.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
• Red Hat CodeReady Linux Builder for x86_64 9 x86_64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64

Fixes

• BZ - 1684075 - Virt-v2v can't convert a guest from VMware via nbdkit-vddk if original guest disk address is irregular
• BZ - 1774386 - input_vmx: cleanly reject guests with snapshots when using "-it ssh"
• BZ - 1788823 - Virt-v2v firstboot scripts should run in order, with v2v network configuration happening first
• BZ - 1817050 - Can't convert guest from VMware with non-admin account and vddk >=7.0 by virt-v2v
• BZ - 1848862 - There is nbdkit curl error info if convert a guest from VMware without vddk by administrator account
• BZ - 1854275 - document that vmx+ssh "-ip" auth doesn't cover ssh / scp shell commands
• BZ - 1868048 - [RFE]virt-v2v should install qemu-ga on debian guest during the conversion
• BZ - 1883802 - -i vmx: SATA disks are not parsed
• BZ - 1985830 - Start or remove VM failure even v2v has already finished
• BZ - 2003503 - There is virt-v2v warning: fstrim on guest filesystem /dev/mapper/osprober-linux-sdb1 failed if non-os disk of source guest has few/no inodes lef
• BZ - 2028764 - Install the qemu-guest-agent package during the conversion process
• BZ - 2039597 - Failed to import VM when selecting OVA as a source on RHV webadmin
• BZ - 2047660 - Add '--compressed' support in modular v2v
• BZ - 2051564 - [RFE]Limiting the maximum number of disks per guest for v2v conversions
• BZ - 2059287 - RFE: Rebase virt-v2v to 2.0 in RHEL 9.1
• BZ - 2062360 - RFE: Virt-v2v should replace hairy "enable LEGACY crypto" advice which a more targeted mechanism
• BZ - 2064178 - nothing provides openssh-clients >= 8.8p1 needed by virt-v2v-1:2.0.0-1.el9.x86_64
• BZ - 2066773 - The /tmp/v2v.XXXX directory has incorrect permisison if run v2v by root
• BZ - 2069768 - Import of OVA fails if the user/group name contains spaces
• BZ - 2070186 - fix virtio-vsock check (for Linux guests) in virt-v2v
• BZ - 2070530 - Virt-v2v can't convert guest when os is installed on nvme disk via vmx+ssh
• BZ - 2074026 - Remove -o json option
• BZ - 2074801 - do not pass "--non-bootable --read-write" to "volume create " in openstack output module
• BZ - 2074805 - -o qemu mode fails with: qemu-system-x86_64: -balloon: invalid option and other problems
• BZ - 2076013 - RHEL9.1 guest can't boot into OS after v2v conversion
• BZ - 2082603 - virt-v2v -o qemu prints cosmetic warning: "warning: short-form boolean option 'readonly' deprecated"
• BZ - 2094779 - missing python dependency in rhel9.1
• BZ - 2100862 - CVE-2022-2211 libguestfs: Buffer overflow in get_keys leads to DoS
• BZ - 2101665 - "/dev/nvme0n1" is not remapped to "/dev/vda" (etc) in boot config files such as "/boot/grub2/device.map"
• BZ - 2107503 - RHEL 8.6 VM with "qemu64" CPU model can't start because "the CPU is incompatible with host CPU: Host CPU does not provide required features: svm"
• BZ - 2112801 - RHEL9 guest hangs during boot after conversion by virt-p2v
• BZ - 2116811 - virt-v2v: error: internal error: assertion failed at linux_kernels.ml, line 190, char 11

CVEs

• CVE-2022-2211

References

• https://access.redhat.com/security/updates/classification/#low
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index