Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0586

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69656

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:0586

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:0586.

libguestfs is a library for accessing and modifying guest disk images.

libguestfs relied on the format auto-detection in QEMU rather than
allowing the guest image file format to be specified. A privileged guest
user could potentially use this flaw to read arbitrary files on the host
that were accessible to a user on that host who was running a program that
utilized the libguestfs library. (CVE-2010-3851)

This erratum upgrades libguestfs to upstream version 1.7.17, which includes
a number of bug fixes and one enhancement. Documentation for these bug
fixes and this enhancement is provided in the Technical Notes document,
linked to in the References section.

All libguestfs users are advised to upgrade to these updated packages,
which correct this issue, and fix the bugs and add the enhancement noted
in the Technical Notes.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0586.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/index.html#libguestfs

Risk factor : Medium

CVSS Score:
4.7

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3851
41797
http://secunia.com/advisories/41797
42235
http://secunia.com/advisories/42235
44166
http://www.securityfocus.com/bid/44166
ADV-2010-2874
http://www.vupen.com/english/advisories/2010/2874
ADV-2010-2963
http://www.vupen.com/english/advisories/2010/2963
FEDORA-2010-16835
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
FEDORA-2010-17202
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
RHSA-2011:0586
http://www.redhat.com/support/errata/RHSA-2011-0586.html
[Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
[Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851
https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
[Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851.
https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
https://bugzilla.redhat.com/show_bug.cgi?id=643958

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69656
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0586
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0586. libguestfs is a library for accessing and modifying guest disk images. libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were accessible to a user on that host who was running a program that utilized the libguestfs library. (CVE-2010-3851) This erratum upgrades libguestfs to upstream version 1.7.17, which includes a number of bug fixes and one enhancement. Documentation for these bug fixes and this enhancement is provided in the Technical Notes document, linked to in the References section. All libguestfs users are advised to upgrade to these updated packages, which correct this issue, and fix the bugs and add the enhancement noted in the Technical Notes. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0586.html http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/index.html#libguestfs Risk factor : Medium CVSS Score: 4.7
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3851 41797 http://secunia.com/advisories/41797 42235 http://secunia.com/advisories/42235 44166 http://www.securityfocus.com/bid/44166 ADV-2010-2874 http://www.vupen.com/english/advisories/2010/2874 ADV-2010-2963 http://www.vupen.com/english/advisories/2010/2963 FEDORA-2010-16835 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html FEDORA-2010-17202 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html RHSA-2011:0586 http://www.redhat.com/support/errata/RHSA-2011-0586.html [Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html [Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851 https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html [Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851. https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/ https://bugzilla.redhat.com/show_bug.cgi?id=643958
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com