Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0586)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.122161

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2011-0586)

Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory.

Description: Summary:
The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory.

Vulnerability Insight:
[1.7.17-17]
- Remove dependency on gfs2-utils.
resolves: rhbz#695138

[1.7.17-16]
- Canonicalize /dev/vd* paths in virt-inspector code.
resolves: rhbz#691724

[1.7.17-15]
- Fix trace segfault for non-daemon functions.
resolves: rhbz#676788

[1.7.17-14]
- Add explicit BuildRequires for latest augeas. (RHBZ#677616)

[1.7.17-13]
- Rebuild to pick up new augeas lens (RHBZ#677616)

[1.7.17-12]
- Fix typo in virt-make-fs manual page.
resolves: rhbz#673721
- Add a grep-friendly string to LIBGUESTFS_TRACE output.
resolves: rhbz#673477

[1.7.17-11]
- Only runtime require febootstrap-supermin-helper (not whole of
febootstrap) (RHBZ#669840).

[1.7.17-10]
- Remove external hexedit script and make guestfish users set .
This is because requiring emacs pulls in all of X (RHBZ#641494).

[1.7.17-9]
- Fix: guestfish fails when guest fstab entry does not exist (RHBZ#668611).

[1.7.17-8]
- Backport patches up to upstream 1.8.1. (RHBZ#613593)
- Fixes:
* guestfish: fails to tilde expand '~
' when /home/ksharma unset (RHBZ#617440)
* libguestfs: unknown filesystem /dev/fd0 (RHBZ#666577)
* libguestfs: unknown filesystem label SWAP-sda2 (RHBZ#666578)
* libguestfs: unknown filesystem /dev/hd{x} (cdrom) (RHBZ#666579)
* virt-filesystems fails on guest with corrupt filesystem label (RHBZ#668115)
* emphasize 'libguestfs-winsupport' in error output (RHBZ#627468)

[1.7.17-4]
- Backport patches up to upstream 1.8.0 _except_ for:
* changes which require febootstrap 3.x
* changes which were only relevant for other distros

[1.7.17-3]
- New upstream version 1.7.17, rebase for RHEL 6.1 (RHBZ#613593).
- Require febootstrap >= 2.11.
- Split out new libguestfs-tools-c package from libguestfs-tools.
. This is so that the -tools-c package can be pulled in by people
wanting to avoid a dependency on Perl, while -tools pulls in everything
as before.
. The C tools currently are: cat, df, filesystems, fish, inspector, ls,
mount, rescue.
. libguestfs-tools no longer pulls in guestfish.
- guestfish no longer requires pod2text, hence no longer requires perl.
- guestfish also depends on: less, man, vi, emacs.
- Add BR db4-utils (although since RPM needs it, it not really necessary).
- Runtime requires on db4-utils should be on core lib, not tools package.
- Change all 'Requires: perl-Foo' to 'Requires: perl(Foo)'.
- New manual pages containing example code.
- Ship examples for C, OCaml, Ruby, Python.
- Don't ship HTML versions of man pages.
- Rebase no-fuse-test patch to latest version.
- New tool: virt-filesystems.
- Rename perl-libguestfs as perl-Sys-Guestfs (RHBZ#652587).
- Remove guestfs-actions.h and guestfs-structs.h. Libguestfs now
[header file.]
- Add AUTHORS file from tarball.

[1.6.2-4]
- New upstream stable version 1.6.2, rebase for RHEL 6.1 (RHBZ#613593).
- Remove previous patches which are now all upstream and in this new version.
- BR febootstrap 2.10 (RHBZ#628849).
- BR cryptsetup-luks ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libguestfs' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3851
41797
http://secunia.com/advisories/41797
42235
http://secunia.com/advisories/42235
44166
http://www.securityfocus.com/bid/44166
ADV-2010-2874
http://www.vupen.com/english/advisories/2010/2874
ADV-2010-2963
http://www.vupen.com/english/advisories/2010/2963
FEDORA-2010-16835
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
FEDORA-2010-17202
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
RHSA-2011:0586
http://www.redhat.com/support/errata/RHSA-2011-0586.html
[Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
[Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851
https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
[Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851.
https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
https://bugzilla.redhat.com/show_bug.cgi?id=643958

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.122161
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2011-0586)
Summary:	The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory.
Description:	Summary: The remote host is missing an update for the 'libguestfs' package(s) announced via the ELSA-2011-0586 advisory. Vulnerability Insight: [1.7.17-17] - Remove dependency on gfs2-utils. resolves: rhbz#695138 [1.7.17-16] - Canonicalize /dev/vd* paths in virt-inspector code. resolves: rhbz#691724 [1.7.17-15] - Fix trace segfault for non-daemon functions. resolves: rhbz#676788 [1.7.17-14] - Add explicit BuildRequires for latest augeas. (RHBZ#677616) [1.7.17-13] - Rebuild to pick up new augeas lens (RHBZ#677616) [1.7.17-12] - Fix typo in virt-make-fs manual page. resolves: rhbz#673721 - Add a grep-friendly string to LIBGUESTFS_TRACE output. resolves: rhbz#673477 [1.7.17-11] - Only runtime require febootstrap-supermin-helper (not whole of febootstrap) (RHBZ#669840). [1.7.17-10] - Remove external hexedit script and make guestfish users set . This is because requiring emacs pulls in all of X (RHBZ#641494). [1.7.17-9] - Fix: guestfish fails when guest fstab entry does not exist (RHBZ#668611). [1.7.17-8] - Backport patches up to upstream 1.8.1. (RHBZ#613593) - Fixes: * guestfish: fails to tilde expand '~ ' when /home/ksharma unset (RHBZ#617440) * libguestfs: unknown filesystem /dev/fd0 (RHBZ#666577) * libguestfs: unknown filesystem label SWAP-sda2 (RHBZ#666578) * libguestfs: unknown filesystem /dev/hd{x} (cdrom) (RHBZ#666579) * virt-filesystems fails on guest with corrupt filesystem label (RHBZ#668115) * emphasize 'libguestfs-winsupport' in error output (RHBZ#627468) [1.7.17-4] - Backport patches up to upstream 1.8.0 _except_ for: * changes which require febootstrap 3.x * changes which were only relevant for other distros [1.7.17-3] - New upstream version 1.7.17, rebase for RHEL 6.1 (RHBZ#613593). - Require febootstrap >= 2.11. - Split out new libguestfs-tools-c package from libguestfs-tools. . This is so that the -tools-c package can be pulled in by people wanting to avoid a dependency on Perl, while -tools pulls in everything as before. . The C tools currently are: cat, df, filesystems, fish, inspector, ls, mount, rescue. . libguestfs-tools no longer pulls in guestfish. - guestfish no longer requires pod2text, hence no longer requires perl. - guestfish also depends on: less, man, vi, emacs. - Add BR db4-utils (although since RPM needs it, it not really necessary). - Runtime requires on db4-utils should be on core lib, not tools package. - Change all 'Requires: perl-Foo' to 'Requires: perl(Foo)'. - New manual pages containing example code. - Ship examples for C, OCaml, Ruby, Python. - Don't ship HTML versions of man pages. - Rebase no-fuse-test patch to latest version. - New tool: virt-filesystems. - Rename perl-libguestfs as perl-Sys-Guestfs (RHBZ#652587). - Remove guestfs-actions.h and guestfs-structs.h. Libguestfs now [header file.] - Add AUTHORS file from tarball. [1.6.2-4] - New upstream stable version 1.6.2, rebase for RHEL 6.1 (RHBZ#613593). - Remove previous patches which are now all upstream and in this new version. - BR febootstrap 2.10 (RHBZ#628849). - BR cryptsetup-luks ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libguestfs' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3851 41797 http://secunia.com/advisories/41797 42235 http://secunia.com/advisories/42235 44166 http://www.securityfocus.com/bid/44166 ADV-2010-2874 http://www.vupen.com/english/advisories/2010/2874 ADV-2010-2963 http://www.vupen.com/english/advisories/2010/2963 FEDORA-2010-16835 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html FEDORA-2010-17202 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html RHSA-2011:0586 http://www.redhat.com/support/errata/RHSA-2011-0586.html [Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html [Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851 https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html [Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851. https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/ https://bugzilla.redhat.com/show_bug.cgi?id=643958
Copyright	Copyright (C) 2015 Greenbone AG