Bug 1313660

Summary: [On-Demand Image] Red Hat Enterprise image update request for Azure
Product: Red Hat Enterprise Linux 7 Reporter: mingzhan
Component: WALinuxAgentAssignee: Yue Zhang <yuezha>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 7.2CC: anderson, borisb, jjarvis, leiwang, wshi, yuxisun
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-15 09:35:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description mingzhan 2016-03-02 07:19:17 UTC 
Note: This is NOT a WALA bug,
As discussion with Jerome in regular Microsoft & Red Hat meeting, we will use bugzilla to track the On-Demand image update cycle here in short term until a new tool is identified.

Detail for this RHEL image update request for Azure:

Update Reason:
-Security alert about CVE-2015-7547 from Azure Security team and Red Hat team.
-Bug fix for latest RHEL image bug - showing "not registered" when running "yum update".
-Bug fix for Bug 1292075 - [RHEL 7.2 RC Snapshot4] [Hyper-V] Kernel panic when hot remove scsi disks [rhel-7.2.z]
-Security alert about the OpenSSL DROWN vulnerability from Azure Security team and Red Hat team.

Update Scope:
RHEL 6.7, 7.2 On-Demand Images

Base Images:
rhel-67-20160214
rhel-72-20160214

Update Content:
1)      Security update errata for Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547)
2)      Solution for latest support case: RHEL VM created from On-Demand Image is showing "not registered" when running "yum update"
3)      The errata for bug 1292075: 
        https://rhn.redhat.com/errata/RHSA-2016-0185.html  
4)      The fix for the OpenSSL DROWN vulnerability https://access.redhat.com/security/vulnerabilities/drown

WALA version:
2.0.16 from Red hat extra repo.
Comment 2 Yuxin Sun 2016-12-15 09:23:54 UTC 
Hi borisb,

We've shipped WALinuxAgent-2.2.0-2.el6 and WALinuxAgent-2.2.0-3.el7 packages. If you plan to change the on-demand RHEL images, please let us know. Thanks!

Best regards,
Yuxin Sun
Comment 3 Yuxin Sun 2016-12-15 09:35:41 UTC 
Close this issue because the relevant messages are not available any more. The on-demand RHEL image messages will be updated into the "Request to package WALA" bugs.