Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0586)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122161

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2011-0586)

Zusammenfassung: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory.

Vulnerability Insight:
[1.7.17-17]
- Remove dependency on gfs2-utils.
resolves: rhbz#695138

[1.7.17-16]
- Canonicalize /dev/vd* paths in virt-inspector code.
resolves: rhbz#691724

[1.7.17-15]
- Fix trace segfault for non-daemon functions.
resolves: rhbz#676788

[1.7.17-14]
- Add explicit BuildRequires for latest augeas. (RHBZ#677616)

[1.7.17-13]
- Rebuild to pick up new augeas lens (RHBZ#677616)

[1.7.17-12]
- Fix typo in virt-make-fs manual page.
resolves: rhbz#673721
- Add a grep-friendly string to LIBGUESTFS_TRACE output.
resolves: rhbz#673477

[1.7.17-11]
- Only runtime require febootstrap-supermin-helper (not whole of
febootstrap) (RHBZ#669840).

[1.7.17-10]
- Remove external hexedit script and make guestfish users set .
This is because requiring emacs pulls in all of X (RHBZ#641494).

[1.7.17-9]
- Fix: guestfish fails when guest fstab entry does not exist (RHBZ#668611).

[1.7.17-8]
- Backport patches up to upstream 1.8.1. (RHBZ#613593)
- Fixes:
* guestfish: fails to tilde expand '~
' when /home/ksharma unset (RHBZ#617440)
* libguestfs: unknown filesystem /dev/fd0 (RHBZ#666577)
* libguestfs: unknown filesystem label SWAP-sda2 (RHBZ#666578)
* libguestfs: unknown filesystem /dev/hd{x} (cdrom) (RHBZ#666579)
* virt-filesystems fails on guest with corrupt filesystem label (RHBZ#668115)
* emphasize 'libguestfs-winsupport' in error output (RHBZ#627468)

[1.7.17-4]
- Backport patches up to upstream 1.8.0 _except_ for:
* changes which require febootstrap 3.x
* changes which were only relevant for other distros

[1.7.17-3]
- New upstream version 1.7.17, rebase for RHEL 6.1 (RHBZ#613593).
- Require febootstrap >= 2.11.
- Split out new libguestfs-tools-c package from libguestfs-tools.
. This is so that the -tools-c package can be pulled in by people
wanting to avoid a dependency on Perl, while -tools pulls in everything
as before.
. The C tools currently are: cat, df, filesystems, fish, inspector, ls,
mount, rescue.
. libguestfs-tools no longer pulls in guestfish.
- guestfish no longer requires pod2text, hence no longer requires perl.
- guestfish also depends on: less, man, vi, emacs.
- Add BR db4-utils (although since RPM needs it, it not really necessary).
- Runtime requires on db4-utils should be on core lib, not tools package.
- Change all 'Requires: perl-Foo' to 'Requires: perl(Foo)'.
- New manual pages containing example code.
- Ship examples for C, OCaml, Ruby, Python.
- Don't ship HTML versions of man pages.
- Rebase no-fuse-test patch to latest version.
- New tool: virt-filesystems.
- Rename perl-libguestfs as perl-Sys-Guestfs (RHBZ#652587).
- Remove guestfs-actions.h and guestfs-structs.h. Libguestfs now
[header file.]
- Add AUTHORS file from tarball.

[1.6.2-4]
- New upstream stable version 1.6.2, rebase for RHEL 6.1 (RHBZ#613593).
- Remove previous patches which are now all upstream and in this new version.
- BR febootstrap 2.10 (RHBZ#628849).
- BR cryptsetup-luks ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libguestfs' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3851
41797
http://secunia.com/advisories/41797
42235
http://secunia.com/advisories/42235
44166
http://www.securityfocus.com/bid/44166
ADV-2010-2874
http://www.vupen.com/english/advisories/2010/2874
ADV-2010-2963
http://www.vupen.com/english/advisories/2010/2963
FEDORA-2010-16835
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
FEDORA-2010-17202
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
RHSA-2011:0586
http://www.redhat.com/support/errata/RHSA-2011-0586.html
[Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
[Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851
https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
[Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851.
https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
https://bugzilla.redhat.com/show_bug.cgi?id=643958

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122161
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2011-0586)
Zusammenfassung:	The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory. Vulnerability Insight: [1.7.17-17] - Remove dependency on gfs2-utils. resolves: rhbz#695138 [1.7.17-16] - Canonicalize /dev/vd* paths in virt-inspector code. resolves: rhbz#691724 [1.7.17-15] - Fix trace segfault for non-daemon functions. resolves: rhbz#676788 [1.7.17-14] - Add explicit BuildRequires for latest augeas. (RHBZ#677616) [1.7.17-13] - Rebuild to pick up new augeas lens (RHBZ#677616) [1.7.17-12] - Fix typo in virt-make-fs manual page. resolves: rhbz#673721 - Add a grep-friendly string to LIBGUESTFS_TRACE output. resolves: rhbz#673477 [1.7.17-11] - Only runtime require febootstrap-supermin-helper (not whole of febootstrap) (RHBZ#669840). [1.7.17-10] - Remove external hexedit script and make guestfish users set . This is because requiring emacs pulls in all of X (RHBZ#641494). [1.7.17-9] - Fix: guestfish fails when guest fstab entry does not exist (RHBZ#668611). [1.7.17-8] - Backport patches up to upstream 1.8.1. (RHBZ#613593) - Fixes: * guestfish: fails to tilde expand '~ ' when /home/ksharma unset (RHBZ#617440) * libguestfs: unknown filesystem /dev/fd0 (RHBZ#666577) * libguestfs: unknown filesystem label SWAP-sda2 (RHBZ#666578) * libguestfs: unknown filesystem /dev/hd{x} (cdrom) (RHBZ#666579) * virt-filesystems fails on guest with corrupt filesystem label (RHBZ#668115) * emphasize 'libguestfs-winsupport' in error output (RHBZ#627468) [1.7.17-4] - Backport patches up to upstream 1.8.0 _except_ for: * changes which require febootstrap 3.x * changes which were only relevant for other distros [1.7.17-3] - New upstream version 1.7.17, rebase for RHEL 6.1 (RHBZ#613593). - Require febootstrap >= 2.11. - Split out new libguestfs-tools-c package from libguestfs-tools. . This is so that the -tools-c package can be pulled in by people wanting to avoid a dependency on Perl, while -tools pulls in everything as before. . The C tools currently are: cat, df, filesystems, fish, inspector, ls, mount, rescue. . libguestfs-tools no longer pulls in guestfish. - guestfish no longer requires pod2text, hence no longer requires perl. - guestfish also depends on: less, man, vi, emacs. - Add BR db4-utils (although since RPM needs it, it not really necessary). - Runtime requires on db4-utils should be on core lib, not tools package. - Change all 'Requires: perl-Foo' to 'Requires: perl(Foo)'. - New manual pages containing example code. - Ship examples for C, OCaml, Ruby, Python. - Don't ship HTML versions of man pages. - Rebase no-fuse-test patch to latest version. - New tool: virt-filesystems. - Rename perl-libguestfs as perl-Sys-Guestfs (RHBZ#652587). - Remove guestfs-actions.h and guestfs-structs.h. Libguestfs now [header file.] - Add AUTHORS file from tarball. [1.6.2-4] - New upstream stable version 1.6.2, rebase for RHEL 6.1 (RHBZ#613593). - Remove previous patches which are now all upstream and in this new version. - BR febootstrap 2.10 (RHBZ#628849). - BR cryptsetup-luks ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libguestfs' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3851 41797 http://secunia.com/advisories/41797 42235 http://secunia.com/advisories/42235 44166 http://www.securityfocus.com/bid/44166 ADV-2010-2874 http://www.vupen.com/english/advisories/2010/2874 ADV-2010-2963 http://www.vupen.com/english/advisories/2010/2963 FEDORA-2010-16835 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html FEDORA-2010-17202 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html RHSA-2011:0586 http://www.redhat.com/support/errata/RHSA-2011-0586.html [Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html [Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851 https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html [Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851. https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/ https://bugzilla.redhat.com/show_bug.cgi?id=643958
Copyright	Copyright (C) 2015 Greenbone AG