Ubuntu
libguestfs package

(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)

Bug #1012259 reported by Karma Dorje
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Gentoo Linux
Unknown
Unknown
libguestfs (Fedora)
Fix Released
Low
libguestfs (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
Raring
Fix Released
Undecided
Unassigned

Bug Description

A security flaw was found in the way virt-edit tool of libguestfs, a library for accessing and modifying guest disk images, performed file editing in a virtual machine (new file was created, when original file was used leading to loss of attributes likes file permissions, file owner or SELinux context for the edited file). If certain sensitive files were edited using virt-edit, they would become world-readable.

References:
[1] http://www.openwall.com/lists/oss-security/2012/06/11/1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=788642
[3] https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html

Proposed upstream patch:
[4] https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html

CVE References

Revision history for this message
In , Jan (jan-redhat-bugs) wrote :

A security flaw was found in the way virt-edit tool of libguestfs, a library for accessing and modifying guest disk images, performed file editing in a virtual machine (new file was created, when original file was used leading to loss of attributes likes file permissions, file owner or SELinux context for the edited file). If certain sensitive files were edited using virt-edit, they would become world-readable.

References:
[1] http://www.openwall.com/lists/oss-security/2012/06/11/1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=788642
[3] https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html

Proposed upstream patch:
[4] https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html

Revision history for this message
In , Jan (jan-redhat-bugs) wrote :

This issue affects the version of the libguestfs package, as shipped
with Red Hat Enterprise Linux 6.

Revision history for this message
In , errata-xmlrpc (errata-xmlrpc-redhat-bugs) wrote :

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0774 https://rhn.redhat.com/errata/RHSA-2012-0774.html

Karma Dorje (taaroa)
visibility: private → public
Revision history for this message
In , Richard (richard-redhat-bugs) wrote :

We will fix this for EPEL 5. I'm going to push a massively
updated libguestfs package to EPEL 5 next week.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in libguestfs (Ubuntu):
status: New → Triaged
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

$ git describe 24d7889eba3eb6ee2f37ed9d384aa8734ebad7b7
1.17.5-2-g24d7889

It looks like 1.17.5 was the last affected version.
Therefore Precise is the only currently affected release.
I believe cherry-picking above git commit into precise, should resolve this issue.

Changed in libguestfs (Ubuntu Precise):
status: New → Fix Released
status: Fix Released → Confirmed
Changed in libguestfs (Ubuntu Quantal):
status: New → Fix Released
Changed in libguestfs (Ubuntu Raring):
status: Triaged → Fix Released
Changed in libguestfs (Ubuntu Precise):
status: Confirmed → Triaged
Bug Watch Updater (bug-watch-updater)
Changed in libguestfs (Fedora):
importance: Unknown → Low
status: Unknown → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in libguestfs (Ubuntu Precise):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.