Scientific Linux Security Update : virt-v2v on SL6.x x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

virt-v2v is a tool for converting and importing virtual machines to
libvirt-managed KVM (Kernel-based Virtual Machine).

Using virt-v2v to convert a guest that has a password-protected VNC
console to a KVM guest removed that password protection from the
converted guest: after conversion, a password was not required to
access the converted guest's VNC console. Now, converted guests will
require the same VNC console password as the original guest. Note that
when converting a guest to run on RHEV, virt-v2v will display a
warning that VNC passwords are not supported. (CVE-2011-1773)

Bug fixes :

- When converting a guest virtual machine (VM), whose name
contained certain characters, virt-v2v would create a
converted guest with a corrupted name. Now, virt-v2v
will not corrupt guest names.

- There were numerous usability issues when running
virt-v2v as a non-root user. This update makes it
simpler to run virt-v2v as a non-root user.

- virt-v2v failed to convert a Microsoft Windows guest
with Windows Recovery Console installed in a separate
partition. Now, virt-v2v will successfully convert a
guest with Windows Recovery Console installed in a
separate partition by ignoring that partition.

- virt-v2v failed to convert a Linux guest which did not
have the symlink '/boot/grub/menu.lst'. With this
update, virt-v2v can select a grub configuration file
from several places.

- This update removes information about the usage of
deprecated command line options in the virt-v2v man
page.

- virt-v2v would fail to correctly change the allocation
policy, (sparse or preallocated) when converting a guest
with QCOW2 image format. The error message 'Cannot
import VM, The selected disk configuration is not
supported' was displayed. With this update, allocation
policy changes to a guest with QCOW2 storage will work
correctly.

- The options '--network' and '--bridge' can not be used
in conjunction when converting a guest, but no error
message was displayed. With this update, virt-v2v will
now display an error message if the mutually exclusive
'--network' and '--bridge' command line options are both
specified.

- virt-v2v failed to convert a multi-boot guest, and did
not clean up temporary storage and mount points after
failure. With this update, virt-v2v will prompt for
which operating system to convert from a multi-boot
guest, and will correctly clean up if the process fails.

- virt-v2v failed to correctly configure modprobe aliases
when converting a VMware ESX guest with VMware Tools
installed. With this update, modprobe aliases will be
correctly configured.

- When converting a guest with preallocated raw storage
using the libvirtxml input method, virt-v2v failed with
the erroneous error message 'size(X) < usage(Y)'. This
update removes this erroneous error.

- When converting a Linux guest, virt-v2v did not check
that the Cirrus X driver was available before
configuring it. With this update, virt-v2v will attempt
to install the Cirrus X driver if it is required.

- VirtIO systems do not support the Windows Recovery
Console on 32-bit Windows XP. The virt-v2v man page has
been updated to note this. On Windows XP Professional
x64 Edition, however, if Windows Recovery Console is
re-installed after conversion, it will work as expected.

- Placing comments in the guest fstab file by means of the
leading '#' symbol caused an 'unknown filesystem' error
after conversion of a guest. With this update comments
can now be used and error messages will not be
displayed.

Users of virt-v2v should upgrade to this updated package, which fixes
these issues and upgrades virt-v2v to version 0.8.3.

See also :

http://www.nessus.org/u?8892143a

Solution :

Update the affected virt-v2v package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61201 ()

Bugtraq ID:

CVE ID: CVE-2011-1773