 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 9 Jul 2012 10:04:48 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Low: libguestfs security, bug fix, and enhancement update
Issue Date: 2012-06-20
CVE Numbers: CVE-2012-2690
libguestfs is a library for accessing and modifying guest disk images.
It was found that editing files with virt-edit left said files in a
world-readable state (and did not preserve the file owner or
Security-Enhanced Linux context). If an administrator on the host used
virt-edit to edit a file inside a guest, the file would be left with
world-readable permissions. This could lead to unprivileged guest users
accessing files they would otherwise be unable to. (CVE-2012-2690)
These updated libguestfs packages include numerous bug fixes and
enhancements.
Users of libguestfs are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.
SL6:
x86_64
libguestfs-1.16.19-1.el6.x86_64.rpm
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-java-1.16.19-1.el6.x86_64.rpm
libguestfs-java-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-javadoc-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-c-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-devel-1.16.19-1.el6.x86_64.rpm
perl-Sys-Guestfs-1.16.19-1.el6.x86_64.rpm
python-libguestfs-1.16.19-1.el6.x86_64.rpm
ruby-libguestfs-1.16.19-1.el6.x86_64.rpm
- Scientific Linux Development Team
|
|
|
