On Mon, Sep 16, 2013 at 4:12 PM, Gianluca Cecchi wrote:
On Mon, Sep 16, 2013 at 3:41 PM, Eric Blake wrote:
On 09/15/2013 07:55 AM, Gianluca Cecchi wrote:
I'm using what stock f18 repo gives today: [root@tekkaman ~]# rpm -q libvirt libvirt-0.10.2.7-1.fc18.x86_64
Known bug: CVE-2013-4291. Downgrade to 0.10.2.6, or wait for 0.10.2.8 to be released.
-- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
thanks. Uhm, not so easy. It seems it wants to downgrade to 0.10.2.2-3 (why?) and not 0.10.2.6 and vdsm complains about that.... Where to eventually find intermediate updates? I only found latest ones (so the broken ones...) on mirrors?
Just to notice that what worked for me online, without need of reboot of my all-in one f18 system was take notice of packages to downgrade, just for reference: rpm -qa | grep libvirt|grep 0.10.2.7-1 mkdir libvirt_downgrade cd libvirt_downgrade LIST=$(rpm -qa | grep libvirt|grep 0.10.2.7-1 | sed "s/0.10.2.7-1/0.10.2.6-1/") SITE="http://kojipkgs.fedoraproject.org/packages/libvirt/0.10.2.6/1.fc18/x86_64/" (note that it is indeed a "/" in 0.10.2.6/1 and not a "-") for pack in $LIST do wget ${SITE}${pack}.rpm done sudo rpm -Uvh --force *rpm connect to webadmin and start one of my WinXP VMs --> ok Gianluca