CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
89.5%
CentOS Errata and Security Advisory CESA-2016:2576
The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.
Virt-p2v is a tool for conversion of a physical server to a virtual guest.
The following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)
Security Fix(es):
Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029881.html
Affected packages:
libguestfs
libguestfs-bash-completion
libguestfs-devel
libguestfs-gfs2
libguestfs-gobject
libguestfs-gobject-devel
libguestfs-gobject-doc
libguestfs-inspect-icons
libguestfs-java
libguestfs-java-devel
libguestfs-javadoc
libguestfs-man-pages-ja
libguestfs-man-pages-uk
libguestfs-rescue
libguestfs-rsync
libguestfs-tools
libguestfs-tools-c
libguestfs-xfs
lua-guestfs
ocaml-libguestfs
ocaml-libguestfs-devel
perl-Sys-Guestfs
python-libguestfs
ruby-libguestfs
virt-dib
virt-v2v
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2576
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
89.5%