漏洞类别:RedHat
漏洞等级: 
漏洞信息
The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.
Virt-p2v is a tool for conversion of a physical server to a virtual guest.
The following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)
Security Fix(es):
* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)
Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
漏洞危害
An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:2576 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论