Oval Definition:oval:com.redhat.rhsa:def:20110586
Revision Date:2011-05-19Version:652
Title:RHSA-2011:0586: libguestfs security, bug fix, and enhancement update (Low)
Description:libguestfs is a library for accessing and modifying guest disk images.

  • libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were accessible to a user on that host who was running a program that utilized the libguestfs library. (CVE-2010-3851)

    This erratum upgrades libguestfs to upstream version 1.7.17, which includes a number of bug fixes and one enhancement. Documentation for these bug fixes and this enhancement is provided in the Technical Notes document, linked to in the References section.

    All libguestfs users are advised to upgrade to these updated packages, which correct this issue, and fix the bugs and add the enhancement noted in the Technical Notes.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2010-3851
    CVE-2010-3851
    RHSA-2011:0586
    RHSA-2011:0586-01
    RHSA-2011:0586-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • guestfish is earlier than 1:1.7.17-17.el6
  • AND guestfish is signed with Red Hat redhatrelease2 key
  • libguestfs is earlier than 1:1.7.17-17.el6
  • AND libguestfs is signed with Red Hat redhatrelease2 key
  • libguestfs-devel is earlier than 1:1.7.17-17.el6
  • AND libguestfs-devel is signed with Red Hat redhatrelease2 key
  • libguestfs-java is earlier than 1:1.7.17-17.el6
  • AND libguestfs-java is signed with Red Hat redhatrelease2 key
  • libguestfs-java-devel is earlier than 1:1.7.17-17.el6
  • AND libguestfs-java-devel is signed with Red Hat redhatrelease2 key
  • libguestfs-javadoc is earlier than 1:1.7.17-17.el6
  • AND libguestfs-javadoc is signed with Red Hat redhatrelease2 key
  • libguestfs-mount is earlier than 1:1.7.17-17.el6
  • AND libguestfs-mount is signed with Red Hat redhatrelease2 key
  • libguestfs-tools is earlier than 1:1.7.17-17.el6
  • AND libguestfs-tools is signed with Red Hat redhatrelease2 key
  • libguestfs-tools-c is earlier than 1:1.7.17-17.el6
  • AND libguestfs-tools-c is signed with Red Hat redhatrelease2 key
  • ocaml-libguestfs is earlier than 1:1.7.17-17.el6
  • AND ocaml-libguestfs is signed with Red Hat redhatrelease2 key
  • ocaml-libguestfs-devel is earlier than 1:1.7.17-17.el6
  • AND ocaml-libguestfs-devel is signed with Red Hat redhatrelease2 key
  • perl-Sys-Guestfs is earlier than 1:1.7.17-17.el6
  • AND perl-Sys-Guestfs is signed with Red Hat redhatrelease2 key
  • python-libguestfs is earlier than 1:1.7.17-17.el6
  • AND python-libguestfs is signed with Red Hat redhatrelease2 key
  • ruby-libguestfs is earlier than 1:1.7.17-17.el6
  • AND ruby-libguestfs is signed with Red Hat redhatrelease2 key
    • BACK