An update was submitted to Fedora QA on April 8: https://admin.fedoraproject.org/updates/FEDORA-2015-5872/netcf-0.2.8-1.fc21?_csrf_token=e0a6c6bce78f6f99684f5382f1607a16ee0fa104 The issue was fixed in 0.2.7; Fedora is updating it to 0.2.8 to fix the issue. Mageia 4 and Mageia 5 are affected. Reproducible: Steps to Reproduce:
CC: (none) => fundawang, tmbWhiteboard: (none) => MGA5TOO, MGA4TOO
pushd in cauldron svn
CC: (none) => mageia
available in mga4 core/updates_testing
Updated packages uploaded for Mageia 4 and Cauldron. Thanks Nicolas! Advisory: ======================== Updated netcf packages fix security vulnerability: A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf (such as the libvirt daemon) to crash. The netcf package has been updated to version 0.2.8, fixing this issue and several other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8119 https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157713.html ======================== Updated packages in core/updates_testing: ======================== netcf-0.2.8-1.mga4 libnetcf1-0.2.8-1.mga4 libnetcf-devel-0.2.8-1.mga4 from netcf-0.2.8-1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
Please use the libvirt testing procedure to test this (unless you can find a PoC). Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=14192#c7
Whiteboard: (none) => has_procedure
Testing complete mga4 32 Ensured an installation could be started in virt-manager.
Whiteboard: has_procedure => has_procedure mga4-32-ok
(In reply to claire robinson from comment #5) > Testing complete mga4 32 > > Ensured an installation could be started in virt-manager. urpmq --whatrequires lib64netcf1 only says libvirt-utils require that and I cannot see a link to it from its /usr/bin/* programs using ldd.
CC: (none) => shlomif
virt-manager requires libvirt-utils, it attempted to install it when run actually, maybe a missing require in virt-manager. Either way it updates without error.
Advisory uploaded.
Whiteboard: has_procedure mga4-32-ok => has_procedure advisory mga4-32-ok
Testing this for x86_64. Had to install virt-manager and lib64virt-utils for the test. Before the update virt-manager displayed the management window then froze - I think it was looking for a python package. After the update it raised an error: Error talking to PackageKit: The connection is closed Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/packageutils.py", line 54, in check_packagekit packagekit_install(parent, packages) File "/usr/share/virt-manager/virtManager/packageutils.py", line 66, in packagekit_install bus = Gio.bus_get_sync(Gio.BusType.SESSION, None) GError: The connection is closed The application reported: Could not detect a default hypervisor and something about virtualization packages "kvm, qemu, libvirt, etc." And it said a hypervisor connection can be manually added. I need to look that up.
CC: (none) => tarazed25
URL: (none) => http://lwn.net/Vulnerabilities/643922/
Well I really don't know what I am doing here. Clicked on localhost (QEMU) then file then Restore Saved Machine and then navigated to my VMs and selected one of them - shaula - then clicked on shaula.dvi or shaula.vbox and raised this error: Error restoring domain: operation failed: image magic is incorrect Can I assume that this is the bug manifesting itself and continue on to the update?
I'm not sure the process for importing vbox images Len. You can click to create a new machine though and give it an iso to use in the same way you would vbox. It creates machines in the / partition by default so use caution when sizing the disk and you might want to delete it when you've finished testing. Tested mga4 64 here anyway. Validating. Please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: has_procedure advisory mga4-32-ok => has_procedure advisory mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0215.html
Status: NEW => RESOLVEDResolution: (none) => FIXED