Red Hat Local Security Checks : RedHat Update for libguestfs RHSA-2011:0586-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870656

Categoría: Red Hat Local Security Checks

Título: RedHat Update for libguestfs RHSA-2011:0586-01

Resumen: The remote host is missing an update for the 'libguestfs'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libguestfs'
package(s) announced via the referenced advisory.

Vulnerability Insight:
libguestfs is a library for accessing and modifying guest disk images.

libguestfs relied on the format auto-detection in QEMU rather than
allowing the guest image file format to be specified. A privileged guest
user could potentially use this flaw to read arbitrary files on the host
that were accessible to a user on that host who was running a program that
utilized the libguestfs library. (CVE-2010-3851)

This erratum upgrades libguestfs to upstream version 1.7.17, which includes
a number of bug fixes and one enhancement. Documentation for these bug
fixes and this enhancement is provided in the Technical Notes document,
linked to in the References section.

All libguestfs users are advised to upgrade to these updated packages,
which correct this issue, and fix the bugs and add the enhancement noted
in the Technical Notes.

Affected Software/OS:
libguestfs on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3851
41797
http://secunia.com/advisories/41797
42235
http://secunia.com/advisories/42235
44166
http://www.securityfocus.com/bid/44166
ADV-2010-2874
http://www.vupen.com/english/advisories/2010/2874
ADV-2010-2963
http://www.vupen.com/english/advisories/2010/2963
FEDORA-2010-16835
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
FEDORA-2010-17202
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
RHSA-2011:0586
http://www.redhat.com/support/errata/RHSA-2011-0586.html
[Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
[Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851
https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
[Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851.
https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
https://bugzilla.redhat.com/show_bug.cgi?id=643958

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870656
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for libguestfs RHSA-2011:0586-01
Resumen:	The remote host is missing an update for the 'libguestfs'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the referenced advisory. Vulnerability Insight: libguestfs is a library for accessing and modifying guest disk images. libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were accessible to a user on that host who was running a program that utilized the libguestfs library. (CVE-2010-3851) This erratum upgrades libguestfs to upstream version 1.7.17, which includes a number of bug fixes and one enhancement. Documentation for these bug fixes and this enhancement is provided in the Technical Notes document, linked to in the References section. All libguestfs users are advised to upgrade to these updated packages, which correct this issue, and fix the bugs and add the enhancement noted in the Technical Notes. Affected Software/OS: libguestfs on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3851 41797 http://secunia.com/advisories/41797 42235 http://secunia.com/advisories/42235 44166 http://www.securityfocus.com/bid/44166 ADV-2010-2874 http://www.vupen.com/english/advisories/2010/2874 ADV-2010-2963 http://www.vupen.com/english/advisories/2010/2963 FEDORA-2010-16835 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html FEDORA-2010-17202 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html RHSA-2011:0586 http://www.redhat.com/support/errata/RHSA-2011-0586.html [Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html [Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851 https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html [Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851. https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/ https://bugzilla.redhat.com/show_bug.cgi?id=643958
Copyright	Copyright (C) 2012 Greenbone AG