Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-1536)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123513

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2013-1536)

Zusammenfassung: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory.

Vulnerability Insight:
[1:1.20.11-2]
- Fix CVE-2013-4419: insecure temporary directory handling for
guestfish's network socket
resolves: rhbz#1019737

[1:1.20.11-1]
- Rebase to libguestfs 1.20.11.
resolves: rhbz#958183
- Remove buildnet: builds now detect network automatically.
- The rhel-6.x branches containing the patches used in RHEL are
now stored on a public git repository
([link moved to references]).
- Compare spec file to Fedora 18 and fix where necessary.
- Backport new APIs part-get-gpt-type and part-set-gpt-type
resolves: rhbz#965495
- Fix DoS (abort) due to a double free flaw when inspecting certain guest
files / images (CVE-2013-2124)
resolves: rhbz#968337
- libguestfs-devel should depend on an explicit version of
libguestfs-tools-c, in order that the latest package is pulled in.
- Rebuild against Augeas >= 1.0.0-5
resolves: rhbz#971207
- Backport Windows inspection changes
resolves: rhbz#971090
- Add back state test commands to guestfish
resolves: rhbz#971664
- Work around problem with ntfsresize command in RHEL 6
resolves: rhbz#971326
- Fix txz-out API
resolves: rhbz#972413
- Move virt-sysprep to the libguestfs-tools-c package since it's no longer
a shell script
resolves: rhbz#975572
- Fix hostname inspection because of faulty Augeas path expression
resolves: rhbz#975377
- Calculate appliance root correctly when iface drives are added
resolves: rhbz#975760
- Add notes about resizing Windows disk images to virt-resize documentation
resolves: rhbz#975753
- Remove dependency on lsscsi, not available in 6Client
resolves: rhbz#973425
- Fix yum cache copy so it works if there are multiple repos
resolves: rhbz#980502
- Fix hivex-commit API to fail with relative paths
resolves: rhbz#980372
- Better documentation for filesystem-available API
resolves: rhbz#980358
- Fix double free when kernel link fails during launch
resolves: rhbz#983690
- Fix virt-sysprep --firstboot option
resolves: rhbz#988863
- Fix cap-get-file so it returns empty string instead of error on no cap
resolves: rhbz#989352
- Better documentation for acl-set-file
resolves: rhbz#985269
- Fix bogus waitpid error when using guestfish --remote
resolves: rhbz#996825
- Disable 9p support
resolves: rhbz#997884
- Document that guestfish --remote doesn't work with certain other arguments
resolves: rhbz#996039
- Enable kvmclock in the appliance to reduce clock instability
resolves: rhbz#998108
- Fix 'sh' command before mount causes daemon to segfault
resolves: rhbz#1000122
- Various fixes to tar-out 'excludes' (RHBZ#1001875)
- Document use of glob + rsync-out (RHBZ#1001876)
- Document mke2fs blockscount (RHBZ#1002032)

Affected Software/OS:
'libguestfs' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:A/AC:H/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4419
https://bugzilla.redhat.com/show_bug.cgi?id=1016960
https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html
RedHat Security Advisories: RHSA-2013:1536
http://rhn.redhat.com/errata/RHSA-2013-1536.html
http://secunia.com/advisories/55813
SuSE Security Announcement: SUSE-SU-2013:1626 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123513
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-1536)
Zusammenfassung:	The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory. Vulnerability Insight: [1:1.20.11-2] - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz#1019737 [1:1.20.11-1] - Rebase to libguestfs 1.20.11. resolves: rhbz#958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches used in RHEL are now stored on a public git repository ([link moved to references]). - Compare spec file to Fedora 18 and fix where necessary. - Backport new APIs part-get-gpt-type and part-set-gpt-type resolves: rhbz#965495 - Fix DoS (abort) due to a double free flaw when inspecting certain guest files / images (CVE-2013-2124) resolves: rhbz#968337 - libguestfs-devel should depend on an explicit version of libguestfs-tools-c, in order that the latest package is pulled in. - Rebuild against Augeas >= 1.0.0-5 resolves: rhbz#971207 - Backport Windows inspection changes resolves: rhbz#971090 - Add back state test commands to guestfish resolves: rhbz#971664 - Work around problem with ntfsresize command in RHEL 6 resolves: rhbz#971326 - Fix txz-out API resolves: rhbz#972413 - Move virt-sysprep to the libguestfs-tools-c package since it's no longer a shell script resolves: rhbz#975572 - Fix hostname inspection because of faulty Augeas path expression resolves: rhbz#975377 - Calculate appliance root correctly when iface drives are added resolves: rhbz#975760 - Add notes about resizing Windows disk images to virt-resize documentation resolves: rhbz#975753 - Remove dependency on lsscsi, not available in 6Client resolves: rhbz#973425 - Fix yum cache copy so it works if there are multiple repos resolves: rhbz#980502 - Fix hivex-commit API to fail with relative paths resolves: rhbz#980372 - Better documentation for filesystem-available API resolves: rhbz#980358 - Fix double free when kernel link fails during launch resolves: rhbz#983690 - Fix virt-sysprep --firstboot option resolves: rhbz#988863 - Fix cap-get-file so it returns empty string instead of error on no cap resolves: rhbz#989352 - Better documentation for acl-set-file resolves: rhbz#985269 - Fix bogus waitpid error when using guestfish --remote resolves: rhbz#996825 - Disable 9p support resolves: rhbz#997884 - Document that guestfish --remote doesn't work with certain other arguments resolves: rhbz#996039 - Enable kvmclock in the appliance to reduce clock instability resolves: rhbz#998108 - Fix 'sh' command before mount causes daemon to segfault resolves: rhbz#1000122 - Various fixes to tar-out 'excludes' (RHBZ#1001875) - Document use of glob + rsync-out (RHBZ#1001876) - Document mke2fs blockscount (RHBZ#1002032) Affected Software/OS: 'libguestfs' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4419 https://bugzilla.redhat.com/show_bug.cgi?id=1016960 https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html RedHat Security Advisories: RHSA-2013:1536 http://rhn.redhat.com/errata/RHSA-2013-1536.html http://secunia.com/advisories/55813 SuSE Security Announcement: SUSE-SU-2013:1626 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html
Copyright	Copyright (C) 2015 Greenbone AG