Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-1536)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123513

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2013-1536)

Resumen: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory.

Vulnerability Insight:
[1:1.20.11-2]
- Fix CVE-2013-4419: insecure temporary directory handling for
guestfish's network socket
resolves: rhbz#1019737

[1:1.20.11-1]
- Rebase to libguestfs 1.20.11.
resolves: rhbz#958183
- Remove buildnet: builds now detect network automatically.
- The rhel-6.x branches containing the patches used in RHEL are
now stored on a public git repository
([link moved to references]).
- Compare spec file to Fedora 18 and fix where necessary.
- Backport new APIs part-get-gpt-type and part-set-gpt-type
resolves: rhbz#965495
- Fix DoS (abort) due to a double free flaw when inspecting certain guest
files / images (CVE-2013-2124)
resolves: rhbz#968337
- libguestfs-devel should depend on an explicit version of
libguestfs-tools-c, in order that the latest package is pulled in.
- Rebuild against Augeas >= 1.0.0-5
resolves: rhbz#971207
- Backport Windows inspection changes
resolves: rhbz#971090
- Add back state test commands to guestfish
resolves: rhbz#971664
- Work around problem with ntfsresize command in RHEL 6
resolves: rhbz#971326
- Fix txz-out API
resolves: rhbz#972413
- Move virt-sysprep to the libguestfs-tools-c package since it's no longer
a shell script
resolves: rhbz#975572
- Fix hostname inspection because of faulty Augeas path expression
resolves: rhbz#975377
- Calculate appliance root correctly when iface drives are added
resolves: rhbz#975760
- Add notes about resizing Windows disk images to virt-resize documentation
resolves: rhbz#975753
- Remove dependency on lsscsi, not available in 6Client
resolves: rhbz#973425
- Fix yum cache copy so it works if there are multiple repos
resolves: rhbz#980502
- Fix hivex-commit API to fail with relative paths
resolves: rhbz#980372
- Better documentation for filesystem-available API
resolves: rhbz#980358
- Fix double free when kernel link fails during launch
resolves: rhbz#983690
- Fix virt-sysprep --firstboot option
resolves: rhbz#988863
- Fix cap-get-file so it returns empty string instead of error on no cap
resolves: rhbz#989352
- Better documentation for acl-set-file
resolves: rhbz#985269
- Fix bogus waitpid error when using guestfish --remote
resolves: rhbz#996825
- Disable 9p support
resolves: rhbz#997884
- Document that guestfish --remote doesn't work with certain other arguments
resolves: rhbz#996039
- Enable kvmclock in the appliance to reduce clock instability
resolves: rhbz#998108
- Fix 'sh' command before mount causes daemon to segfault
resolves: rhbz#1000122
- Various fixes to tar-out 'excludes' (RHBZ#1001875)
- Document use of glob + rsync-out (RHBZ#1001876)
- Document mke2fs blockscount (RHBZ#1002032)

Affected Software/OS:
'libguestfs' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:A/AC:H/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-4419
https://bugzilla.redhat.com/show_bug.cgi?id=1016960
https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html
RedHat Security Advisories: RHSA-2013:1536
http://rhn.redhat.com/errata/RHSA-2013-1536.html
http://secunia.com/advisories/55813
SuSE Security Announcement: SUSE-SU-2013:1626 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123513
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-1536)
Resumen:	The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2013-1536 advisory. Vulnerability Insight: [1:1.20.11-2] - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz#1019737 [1:1.20.11-1] - Rebase to libguestfs 1.20.11. resolves: rhbz#958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches used in RHEL are now stored on a public git repository ([link moved to references]). - Compare spec file to Fedora 18 and fix where necessary. - Backport new APIs part-get-gpt-type and part-set-gpt-type resolves: rhbz#965495 - Fix DoS (abort) due to a double free flaw when inspecting certain guest files / images (CVE-2013-2124) resolves: rhbz#968337 - libguestfs-devel should depend on an explicit version of libguestfs-tools-c, in order that the latest package is pulled in. - Rebuild against Augeas >= 1.0.0-5 resolves: rhbz#971207 - Backport Windows inspection changes resolves: rhbz#971090 - Add back state test commands to guestfish resolves: rhbz#971664 - Work around problem with ntfsresize command in RHEL 6 resolves: rhbz#971326 - Fix txz-out API resolves: rhbz#972413 - Move virt-sysprep to the libguestfs-tools-c package since it's no longer a shell script resolves: rhbz#975572 - Fix hostname inspection because of faulty Augeas path expression resolves: rhbz#975377 - Calculate appliance root correctly when iface drives are added resolves: rhbz#975760 - Add notes about resizing Windows disk images to virt-resize documentation resolves: rhbz#975753 - Remove dependency on lsscsi, not available in 6Client resolves: rhbz#973425 - Fix yum cache copy so it works if there are multiple repos resolves: rhbz#980502 - Fix hivex-commit API to fail with relative paths resolves: rhbz#980372 - Better documentation for filesystem-available API resolves: rhbz#980358 - Fix double free when kernel link fails during launch resolves: rhbz#983690 - Fix virt-sysprep --firstboot option resolves: rhbz#988863 - Fix cap-get-file so it returns empty string instead of error on no cap resolves: rhbz#989352 - Better documentation for acl-set-file resolves: rhbz#985269 - Fix bogus waitpid error when using guestfish --remote resolves: rhbz#996825 - Disable 9p support resolves: rhbz#997884 - Document that guestfish --remote doesn't work with certain other arguments resolves: rhbz#996039 - Enable kvmclock in the appliance to reduce clock instability resolves: rhbz#998108 - Fix 'sh' command before mount causes daemon to segfault resolves: rhbz#1000122 - Various fixes to tar-out 'excludes' (RHBZ#1001875) - Document use of glob + rsync-out (RHBZ#1001876) - Document mke2fs blockscount (RHBZ#1002032) Affected Software/OS: 'libguestfs' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4419 https://bugzilla.redhat.com/show_bug.cgi?id=1016960 https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html RedHat Security Advisories: RHSA-2013:1536 http://rhn.redhat.com/errata/RHSA-2013-1536.html http://secunia.com/advisories/55813 SuSE Security Announcement: SUSE-SU-2013:1626 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html
Copyright	Copyright (C) 2015 Greenbone AG