CentOS Local Security Checks : CentOS Update for libguestfs CESA-2012:0774 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881146

Categoría: CentOS Local Security Checks

Título: CentOS Update for libguestfs CESA-2012:0774 centos6

Resumen: The remote host is missing an update for the 'libguestfs'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libguestfs'
package(s) announced via the referenced advisory.

Vulnerability Insight:
libguestfs is a library for accessing and modifying guest disk images.

It was found that editing files with virt-edit left said files in a
world-readable state (and did not preserve the file owner or
Security-Enhanced Linux context). If an administrator on the host used
virt-edit to edit a file inside a guest, the file would be left with
world-readable permissions. This could lead to unprivileged guest users
accessing files they would otherwise be unable to. (CVE-2012-2690)

These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical
Notes for information on the most significant of these changes.

Users of libguestfs are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

Affected Software/OS:
libguestfs on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2690
49431
http://secunia.com/advisories/49431
49545
http://secunia.com/advisories/49545
53932
http://www.securityfocus.com/bid/53932
RHSA-2012:0774
http://rhn.redhat.com/errata/RHSA-2012-0774.html
[Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images
https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html
libguestfs-virtedit-info-disc(76220)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76220

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881146
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libguestfs CESA-2012:0774 centos6
Resumen:	The remote host is missing an update for the 'libguestfs'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the referenced advisory. Vulnerability Insight: libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state (and did not preserve the file owner or Security-Enhanced Linux context). If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. (CVE-2012-2690) These updated libguestfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. Users of libguestfs are advised to upgrade to these updated packages, which fix these issues and add these enhancements. Affected Software/OS: libguestfs on CentOS 6 Solution: Please install the updated packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2690 49431 http://secunia.com/advisories/49431 49545 http://secunia.com/advisories/49545 53932 http://www.securityfocus.com/bid/53932 RHSA-2012:0774 http://rhn.redhat.com/errata/RHSA-2012-0774.html [Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html libguestfs-virtedit-info-disc(76220) https://exchange.xforce.ibmcloud.com/vulnerabilities/76220
Copyright	Copyright (C) 2012 Greenbone AG