Univention Bugzilla – Full Text Bug Listing |
Summary: | libvirt: multiple issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
Severity: | normal | ||
Priority: | P4 | CC: | gohmann, hahn |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=32744 | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 40318, 41719 |
Description
Arvid Requate
2015-12-21 12:26:38 CET
The issue is minor and tagged no-dsa in Debian: <https://security-tracker.debian.org/tracker/CVE-2015-5313> As we need to update libvirt anyway from our own 1.2.7, switch to 1.2.9 from Debian-Wheezy, which is maintained. The CVE was fixed by me for Debian, currently waiting for upload to jessie-proposed-updates. Please note that UCS-3.3 also uses 1.2.9, so the version in 4.0 is actually lower than in 3.3! $ repo_admin.py --cherrypick -r 4.0 -s errata4.0-4 --releasedest 4.1 --dest errata4.1-1 -p libvirt r16168 | patch Package: libvirt Version: 1.2.9-9+deb8u2.138.201603111914 Branch: ucs_4.1-0 Scope: errata4.1-1 r68044 | Bug #40317 libvirt: YAML libvirt.yaml repo_admin.py --cherrypick -r 4.0 --releasedest 4.1 --dest errata4.1-1 -p libnl Package: libnl Version: 1.1-7.15.201603141220 Branch: ucs_4.1-0 Scope: errata4.1-1 r68064 | Bug #40317 libnl: YAML libnl.yaml See Jenkins tests: http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-1/job/Autotest%20MultiEnv/lastCompletedBuild/SambaVersion=s3,Systemrolle=member/testReport/20_appcenter/20_can_apps_be_installed/test/ [2016-03-14 20:41:39.117882]Die folgenden Pakete haben unerfüllte Abhängigkeiten: [2016-03-14 20:41:39.117989] univention-virtual-machine-manager-node-kvm : Hängt ab von: libvirt-daemon-system soll aber nicht installiert werden (2016-03-14 20:41:39.129813)E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete. (In reply to Philipp Hahn from comment #2) > repo_admin.py --cherrypick -r 4.0 --releasedest 4.1 --dest errata4.1-1 -p > libnl > > Package: libnl > Version: 1.1-7.15.201603141220 > Branch: ucs_4.1-0 > Scope: errata4.1-1 Maybe the package is not yet maintained? $ repo_admin.py --cherrypick -r 4.0 --releasedest 4.1 --dest errata4.1-1 -p netcf Package: netcf Version: 0.1.9-2.5.201603151048 Branch: ucs_4.1-0 Scope: errata4.1-1 r68089 | Bug #40317 netcf: YAML netcf.yaml Reopn: As this is the same version as Bug #40318, it suffers from the same issues, see there. r16477 | Bug #40318 libvirt: qemu-kvm-1.1.2 JSON migration Package: libvirt Version: 1.2.9-9+deb8u2.141.201605091248 Branch: ucs_4.1-0 Scope: errata4.1-1 OK: Patch for live migration applied OK: Functionality OK: I moved the yaml file to ucs 4.1-2 and adapted it to be released for 4.1-1,2 r69256 r69257 Verified r69346 | Bug #40317 libvirt: Move additional YAML files |