CentOS Local Security Checks : CentOS Update for libguestfs CESA-2012:0774 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881146

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for libguestfs CESA-2012:0774 centos6

Zusammenfassung: The remote host is missing an update for the 'libguestfs'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libguestfs'
package(s) announced via the referenced advisory.

Vulnerability Insight:
libguestfs is a library for accessing and modifying guest disk images.

It was found that editing files with virt-edit left said files in a
world-readable state (and did not preserve the file owner or
Security-Enhanced Linux context). If an administrator on the host used
virt-edit to edit a file inside a guest, the file would be left with
world-readable permissions. This could lead to unprivileged guest users
accessing files they would otherwise be unable to. (CVE-2012-2690)

These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical
Notes for information on the most significant of these changes.

Users of libguestfs are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

Affected Software/OS:
libguestfs on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-2690
49431
http://secunia.com/advisories/49431
49545
http://secunia.com/advisories/49545
53932
http://www.securityfocus.com/bid/53932
RHSA-2012:0774
http://rhn.redhat.com/errata/RHSA-2012-0774.html
[Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images
https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html
libguestfs-virtedit-info-disc(76220)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76220

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881146
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for libguestfs CESA-2012:0774 centos6
Zusammenfassung:	The remote host is missing an update for the 'libguestfs'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the referenced advisory. Vulnerability Insight: libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state (and did not preserve the file owner or Security-Enhanced Linux context). If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. (CVE-2012-2690) These updated libguestfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. Users of libguestfs are advised to upgrade to these updated packages, which fix these issues and add these enhancements. Affected Software/OS: libguestfs on CentOS 6 Solution: Please install the updated packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2690 49431 http://secunia.com/advisories/49431 49545 http://secunia.com/advisories/49545 53932 http://www.securityfocus.com/bid/53932 RHSA-2012:0774 http://rhn.redhat.com/errata/RHSA-2012-0774.html [Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html libguestfs-virtedit-info-disc(76220) https://exchange.xforce.ibmcloud.com/vulnerabilities/76220
Copyright	Copyright (C) 2012 Greenbone AG