[SECURITY] Fedora 19 Update: libguestfs-1.22.7-1.fc19

updates at fedoraproject.org updates at fedoraproject.org
Sun Oct 27 05:32:56 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-19492
2013-10-19 07:32:56
--------------------------------------------------------------------------------

Name        : libguestfs
Product     : Fedora 19
Version     : 1.22.7
Release     : 1.fc19
URL         : http://libguestfs.org/
Summary     : Access and modify virtual machine disk images
Description :
Libguestfs is a library for accessing and modifying guest disk images.
Amongst the things this is good for: making batch configuration
changes to guests, getting disk used/free statistics (see also:
virt-df), migrating between virtualization systems (see also:
virt-p2v), performing partial backups, performing partial guest
clones, cloning guests and changing registry/UUID/hostname info, and
much else besides.

Libguestfs uses Linux kernel and qemu code, and can access any type of
guest filesystem that Linux and qemu can, including but not limited
to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition
schemes, qcow, qcow2, vmdk.

Libguestfs provides ways to enumerate guest storage (eg. partitions,
LVs, what filesystem is in each LV, etc.).  It can also run commands
in the context of the guest.

Libguestfs is a library that can be linked with C and C++ management
programs.

For high level virt tools, guestfish (shell scripting and command line
access), and guestmount (mount guest filesystems using FUSE), install
'libguestfs-tools'.

For shell scripting and command line access, install 'guestfish'.

To mount guest filesystems on the host using FUSE, install
'libguestfs-mount'.

For Erlang bindings, install 'erlang-libguestfs'.

For GObject bindings and GObject Introspection, install
'libguestfs-gobject-devel'.

For Java bindings, install 'libguestfs-java-devel'.

For Lua bindings, install 'lua-guestfs'

For OCaml bindings, install 'ocaml-libguestfs-devel'.

For Perl bindings, install 'perl-Sys-Guestfs'.

For PHP bindings, install 'php-libguestfs'.

For Python bindings, install 'python-libguestfs'.

For Ruby bindings, install 'ruby-libguestfs'.

--------------------------------------------------------------------------------
Update Information:

New upstream stable branch version 1.22.7, fixing CVE-2013-4419.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 17 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.7-1
- New upstream version 1.22.7.
* Tue Aug 27 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.6-1
- New stable branch version 1.22.6.
* Fri Jul 26 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.5-1
- New stable branch version 1.22.5.
- Remove patch, now upstream.
* Thu Jul 11 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.4-2
- Include upstream patch to fix double-free if appliance
  building fails (RHBZ#983218).
* Tue Jul  9 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.4-1
- New upstream stable branch version 1.22.4.
* Fri Jul  5 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.3-2
- Bump and rebuild.
* Fri Jun 14 2013 Richard W.M. Jones <rjones at redhat.com> - 1:1.22.3-1
- New upstream stable branch version 1.22.3.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016960 - CVE-2013-4419 libguestfs: insecure temporary directory handling for guestfish's network socket
        https://bugzilla.redhat.com/show_bug.cgi?id=1016960
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libguestfs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list