A security vulnerability has been found in libguestfs that can be exploited to bypass configured restrictions and to gain read and write access to data the caller is not entitled to.
Package:
libguestfs 1.x
Operating systems:
Fedora 15, Fedora 16
Severity:
5
Problem:
error in a software component
Exploitation:
local
Consequence:
privilege escalation, bypass of configured restrictions
Solution:
vendor software patch
CVE:
CVE-2011-4127
Original advisory ID:
FEDORA-2011-17372
Source:
Fedora
Problem:
The advisory text itself gives no details of the cause. The Fedora update note quoted below identifies it as a possible privilege escalation via the SG_IO ioctl (CVE-2011-4127): SCSI commands submitted through SG_IO to the block device node of a partition were not confined to that partition, so whoever could issue the ioctl against a partition could address the whole underlying disk.
Consequence:
An attacker able to issue the SG_IO ioctl against a partition device can bypass the partition boundary and gain read and write access to data outside it. This is a local vector, not a remote one: the attacker needs a process with access to the device node, for example code running inside a guest or appliance that was handed the partition as its disk. That is the privilege escalation the update note refers to.
Solution:
Users are advised to apply the vendor update; for Fedora 16 this is libguestfs 1.14.8-1.fc16 (FEDORA-2011-17372), which ships the upstream 1.14.8 mitigation. The installed version can be checked with rpm -q libguestfs.
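As an added practitioner's check (this program is not part of the advisory, of libguestfs or of Fedora), the following C program sends a SCSI INQUIRY through the SG_IO ioctl to a block device node named on the command line. It exercises the path described above: on a kernel that enforces the partition boundary, SG_IO against a partition node (for example /dev/sda1) from a process without CAP_SYS_RAWIO is refused and the ioctl fails with ENOTTY; on an unpatched kernel the INQUIRY is answered, meaning SCSI commands issued against that partition reach the whole disk. The device paths, the vendor/product strings and the 5 s command timeout are assumptions chosen for illustration.

```c
/*
 * sgio_probe.c -- added example, not libguestfs or Fedora code.
 *
 * Sends a standard SCSI INQUIRY through the SG_IO ioctl to the block
 * device node given as argv[1] and reports whether the kernel let the
 * command through.  Against a partition node, "allowed" is the
 * CVE-2011-4127 condition (the command is not confined to the partition).
 *
 * Build: cc -std=c99 -Wall -o sgio_probe sgio_probe.c
 * Usage: ./sgio_probe /dev/sda1        (device path is an assumption)
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <scsi/sg.h>

#define INQ_CDB_LEN  6
#define INQ_RESP_LEN 36   /* standard INQUIRY data length */

/* Fill a 6-byte INQUIRY CDB asking for alloc_len bytes (max 255).
 * Returns the CDB length, or -1 if alloc_len does not fit in one byte. */
int build_inquiry_cdb(unsigned char *cdb, unsigned int alloc_len)
{
    if (alloc_len > 255) return -1;
    memset(cdb, 0, INQ_CDB_LEN);
    cdb[0] = 0x12;                      /* INQUIRY opcode */
    cdb[4] = (unsigned char)alloc_len;  /* allocation length */
    return INQ_CDB_LEN;
}

/* Copy the vendor (bytes 8..15) and product (bytes 16..31) fields out of a
 * standard INQUIRY response, NUL-terminated with trailing blanks trimmed.
 * Returns 0 on success, -1 if the buffer is too short to hold both fields. */
int parse_inquiry(const unsigned char *resp, size_t len,
                  char vendor[9], char product[17])
{
    if (len < 32) return -1;
    memcpy(vendor, resp + 8, 8);    vendor[8] = '\0';
    memcpy(product, resp + 16, 16); product[16] = '\0';
    for (int i = 7;  i >= 0 && vendor[i]  == ' '; i--) vendor[i]  = '\0';
    for (int i = 15; i >= 0 && product[i] == ' '; i--) product[i] = '\0';
    return 0;
}

/* Classify an ioctl(SG_IO) outcome from its return code and errno:
 *   1  command was accepted by the kernel (vulnerable pattern on a partition)
 *   0  refused: ENOTTY is what the partition check returns to a caller
 *      without CAP_SYS_RAWIO; EPERM/EACCES cover permission denials
 *  -1  some other failure (I/O error, device busy, ...) */
int classify_sgio_result(int rc, int err)
{
    if (rc == 0) return 1;
    if (err == ENOTTY || err == EPERM || err == EACCES) return 0;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s /dev/sdXN\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY | O_NONBLOCK);
    if (fd < 0) { perror("open"); return 2; }

    unsigned char cdb[INQ_CDB_LEN], resp[INQ_RESP_LEN], sense[32];
    memset(resp, 0, sizeof resp);
    build_inquiry_cdb(cdb, INQ_RESP_LEN);

    struct sg_io_hdr io;                /* v3 SG interface header */
    memset(&io, 0, sizeof io);
    io.interface_id    = 'S';
    io.dxfer_direction = SG_DXFER_FROM_DEV;
    io.cmd_len         = INQ_CDB_LEN;
    io.cmdp            = cdb;
    io.dxfer_len       = INQ_RESP_LEN;
    io.dxferp          = resp;
    io.mx_sb_len       = sizeof sense;
    io.sbp             = sense;
    io.timeout         = 5000;          /* ms; arbitrary for this probe */

    int rc  = ioctl(fd, SG_IO, &io);
    int err = errno;                    /* save before close() can clobber it */
    close(fd);

    int verdict = classify_sgio_result(rc, err);
    if (verdict == 1) {
        char vendor[9], product[17];
        parse_inquiry(resp, INQ_RESP_LEN, vendor, product);
        printf("%s: SG_IO accepted (vendor=\"%s\" product=\"%s\")"
               " -- partition boundary NOT enforced for this caller\n",
               argv[1], vendor, product);
    } else if (verdict == 0) {
        printf("%s: SG_IO refused (%s) -- expected on a fixed kernel"
               " for a caller without CAP_SYS_RAWIO\n", argv[1], strerror(err));
    } else {
        printf("%s: SG_IO failed: %s\n", argv[1], strerror(err));
    }
    return verdict == 1 ? 1 : 0;
}
```

Run it as an unprivileged user who has read access to the node (root holds CAP_SYS_RAWIO and is always allowed, so a root run proves nothing), once against the whole-disk node and once against a partition of it: accepted/accepted is the vulnerable pattern, accepted/refused is the fixed one. ENOTTY on its own is ambiguous, because devices with no SCSI passthrough at all (a loop device, for instance) return it too, which is why the whole-disk comparison matters. The probe shows the host kernel's behaviour; the libguestfs update on this page mitigates the same issue on the libguestfs side.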
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-17372
2011-12-23 03:09:43
--------------------------------------------------------------------------------
Name : libguestfs
Product : Fedora 16
Version : 1.14.8
Release : 1.fc16
URL : http://libguestfs.org/
Summary : Access and modify virtual machine disk images
Description :
Libguestfs is a library for accessing and modifying guest disk images.
Amongst the things this is good for: making batch configuration
changes to guests, getting disk used/free statistics (see also:
virt-df), migrating between virtualization systems (see also:
virt-p2v), performing partial backups, performing partial guest
clones, cloning guests and changing registry/UUID/hostname info, and
much else besides.
Libguestfs uses Linux kernel and qemu code, and can access any type of
guest filesystem that Linux and qemu can, including but not limited
to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition
schemes, qcow, qcow2, vmdk.
Libguestfs provides ways to enumerate guest storage (eg. partitions,
LVs, what filesystem is in each LV, etc.). It can also run commands
in the context of the guest.
Libguestfs is a library that can be linked with C and C++ management
programs.
For high level virt tools, guestfish (shell scripting and command line
access), and guestmount (mount guest filesystems using FUSE), install
'libguestfs-tools'.
For shell scripting and command line access, install 'guestfish'.
To mount guest filesystems on the host using FUSE, install
'libguestfs-mount'.
For Erlang bindings, install 'erlang-libguestfs'.
For Java bindings, install 'libguestfs-java-devel'.
For OCaml bindings, install 'ocaml-libguestfs-devel'.
For Perl bindings, install 'perl-Sys-Guestfs'.
For PHP bindings, install 'php-libguestfs'.
For Python bindings, install 'python-libguestfs'.
For Ruby bindings, install 'ruby-libguestfs'.
--------------------------------------------------------------------------------
Update Information:
Fixes Security: Mitigate possible privilege escalation via SG_IO ioctl
(CVE-2011-4127, RHBZ#757071).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2011 Richard W.M. Jones - 1:1.14.8-1
- New upstream version 1.14.8.
- Fixes Security: Mitigate possible privilege escalation via SG_IO ioctl
(CVE-2011-4127, RHBZ#757071).
* Fri Dec 9 2011 Richard W.M. Jones - 1:1.14.7-1
- New upstream stable version 1.14.7.
- Rebase patches.
- Fix guestmount not always failing with EXIT_FAILURE if fuse_main failed.
- Fix guestmount -i option leaving dead filesystem if root failed to mount.
- Fix utimens so it doesn't hang on named pipes (RHBZ#761460).
- Allow utimens to work for directories (RHBZ#761451).
- copy-in/copy-out: Wait for the tar subprocess only (RHBZ#760669).
- fish: Improve error messages when no OS / multi-boot OS found with inspection
(RHBZ#760775).
* Tue Dec 6 2011 Richard W.M. Jones - 1:1.14.6-1
- New upstream stable version 1.14.6.
- Add support for inspection of MD devices (RHBZ#760245).
- Use git to manage patches.
* Fri Dec 2 2011 Richard W.M. Jones - 1:1.14.5-1
- New upstream stable version 1.14.5.
* Thu Nov 24 2011 Richard W.M. Jones - 1:1.14.4-1
- New upstream stable version 1.14.4.
* Tue Nov 22 2011 Richard W.M. Jones - 1:1.14.3-1
- New upstream stable version 1.14.3.
- libguestfs_jni.a is no longer built.
- Add guestfs-testing(1) man page.
* Fri Nov 18 2011 Richard W.M. Jones - 1:1.14.2-1
- Rebase Fedora 16 to new stable libguestfs version 1.14.2.
This was discussed upstream and announced on Fedora devel list.
https://www.redhat.com/archives/libguestfs/2011-October/msg00004.html
https://lists.fedoraproject.org/pipermail/devel/2011-November/159316.html
This spec file is based on current Rawhide (which is on development
version 1.15.4).
* Thu Nov 17 2011 Richard W.M. Jones - 1:1.15.4-2
- New upstream version 1.15.4.
- Remove patch which is now upstream.
- libguestfs_jni.a is no longer built (we don't know why).
* Fri Nov 11 2011 Richard W.M. Jones - 1:1.15.3-3
- Add upstream patch to disable part of virt-df test.
* Thu Nov 10 2011 Richard W.M. Jones - 1:1.15.3-1
- New upstream version 1.15.3.
- Fix list of BuildRequires so they precisely match the appliance.
* Thu Nov 3 2011 Richard W.M. Jones - 1:1.15.2-1
- New upstream version 1.15.2.
- ocaml-pcre is no longer required for virt-resize.
- xmlstarlet is no longer required for virt-sysprep.
* Tue Nov 1 2011 Richard W.M. Jones - 1:1.15.1-1
- New upstream version 1.15.1.
* Wed Oct 26 2011 Richard W.M. Jones - 1:1.15.0-1
- Stable branch 1.14.0 was released. This is the new development
branch version 1.15.0.
* Wed Oct 26 2011 Richard W.M. Jones - 1:1.13.26-1
- New upstream version 1.13.26.
* Wed Oct 26 2011 Richard W.M. Jones - 1:1.13.25-1
- New upstream version 1.13.25.
* Mon Oct 24 2011 Richard W.M. Jones - 1:1.13.24-1
- New upstream version 1.13.24.
- This version includes upstream workarounds for broken qemu, so both
non-upstream patches have now been removed from Fedora.
* Fri Oct 21 2011 Marcela Maš