Outdated (vulnerable) libvirt package in MOS 6.0
Bug #1534262 reported by
Adam Heczko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Released
|
High
|
Denis Meltsaykin | ||
5.1.x |
Won't Fix
|
High
|
Denis Meltsaykin | ||
6.1.x |
Fix Released
|
High
|
Denis Meltsaykin | ||
7.0.x |
Fix Released
|
High
|
MOS Linux |
Bug Description
Problem description:
It was reported that Libvirt package shipping with MOS 6.0 is outdated.
More recent MOS versions are also affected by libvirt issue.
Solution proposal:
Merge libvirt security fix from upstream (CentOS, Ubuntu).
Upstream bug reports:
http://
https:/
Related Zendesk ticket:
https:/
Changed in mos: | |
milestone: | none → 6.0-mu-8 |
tags: | added: customer-found |
Changed in mos: | |
importance: | Undecided → High |
assignee: | nobody → MOS Maintenance (mos-maintenance) |
description: | updated |
Changed in mos: | |
status: | New → Confirmed |
Changed in mos: | |
status: | In Progress → Fix Committed |
information type: | Private Security → Public Security |
Changed in mos: | |
status: | Fix Committed → Fix Released |
tags: | added: on-verification |
tags: | added: on-verification |
To post a comment you must log in.
For 5.1.1 & 6.0 Ubuntu-only we can do the backport from trusty. It has the 1.2.2 libvirt with latest patches. But for CentOS is everything not so easy. We have libvirt 1.2.5, and it looks like it is unsupported everywhere. We'll have to backport some new libvirt from Fedora, but it'll take a lot of time with testing.