RHEL 9 : virt-v2v (RHSA-2022:7968)

Severity: Medium. Nessus Plugin ID 167623

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7968 advisory.

The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible.

Security Fix(es):

* libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?1f1eb6cc

http://www.nessus.org/u?3556b694

https://access.redhat.com/security/updates/classification/#low

https://access.redhat.com/errata/RHSA-2022:7968

https://bugzilla.redhat.com/show_bug.cgi?id=1684075

https://bugzilla.redhat.com/show_bug.cgi?id=1774386

https://bugzilla.redhat.com/show_bug.cgi?id=1788823

https://bugzilla.redhat.com/show_bug.cgi?id=1817050

https://bugzilla.redhat.com/show_bug.cgi?id=1848862

https://bugzilla.redhat.com/show_bug.cgi?id=1854275

https://bugzilla.redhat.com/show_bug.cgi?id=1868048

https://bugzilla.redhat.com/show_bug.cgi?id=1883802

https://bugzilla.redhat.com/show_bug.cgi?id=1985830

https://bugzilla.redhat.com/show_bug.cgi?id=2003503

https://bugzilla.redhat.com/show_bug.cgi?id=2028764

https://bugzilla.redhat.com/show_bug.cgi?id=2039597

https://bugzilla.redhat.com/show_bug.cgi?id=2047660

https://bugzilla.redhat.com/show_bug.cgi?id=2051564

https://bugzilla.redhat.com/show_bug.cgi?id=2059287

https://bugzilla.redhat.com/show_bug.cgi?id=2062360

https://bugzilla.redhat.com/show_bug.cgi?id=2064178

https://bugzilla.redhat.com/show_bug.cgi?id=2066773

https://bugzilla.redhat.com/show_bug.cgi?id=2069768

https://bugzilla.redhat.com/show_bug.cgi?id=2070186

https://bugzilla.redhat.com/show_bug.cgi?id=2070530

https://bugzilla.redhat.com/show_bug.cgi?id=2074026

https://bugzilla.redhat.com/show_bug.cgi?id=2074801

https://bugzilla.redhat.com/show_bug.cgi?id=2074805

https://bugzilla.redhat.com/show_bug.cgi?id=2076013

https://bugzilla.redhat.com/show_bug.cgi?id=2082603

https://bugzilla.redhat.com/show_bug.cgi?id=2094779

https://bugzilla.redhat.com/show_bug.cgi?id=2100862

https://bugzilla.redhat.com/show_bug.cgi?id=2101665

https://bugzilla.redhat.com/show_bug.cgi?id=2107503

https://bugzilla.redhat.com/show_bug.cgi?id=2112801

https://bugzilla.redhat.com/show_bug.cgi?id=2116811

Plugin Details

Severity: Medium

ID: 167623

File Name: redhat-RHSA-2022-7968.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/16/2022

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2022-2211

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:virt-v2v-man-pages-uk, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:virt-v2v, p-cpe:/a:redhat:enterprise_linux:virt-v2v-man-pages-ja, p-cpe:/a:redhat:enterprise_linux:virt-v2v-bash-completion

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/15/2022

Vulnerability Publication Date: 7/12/2022

Reference Information

CVE: CVE-2022-2211

CWE: 119

RHSA: 2022:7968