(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Gentoo Linux |
Unknown
|
Unknown
|
|||
libguestfs (Fedora) |
Fix Released
|
Low
|
|||
libguestfs (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Won't Fix
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned | ||
Raring |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
A security flaw was found in the way virt-edit tool of libguestfs, a library for accessing and modifying guest disk images, performed file editing in a virtual machine (new file was created, when original file was used leading to loss of attributes likes file permissions, file owner or SELinux context for the edited file). If certain sensitive files were edited using virt-edit, they would become world-readable.
References:
[1] http://
[2] https:/
[3] https:/
Proposed upstream patch:
[4] https:/
CVE References
visibility: | private → public |
Changed in libguestfs (Fedora): | |
importance: | Unknown → Low |
status: | Unknown → Fix Released |
A security flaw was found in the way virt-edit tool of libguestfs, a library for accessing and modifying guest disk images, performed file editing in a virtual machine (new file was created, when original file was used leading to loss of attributes likes file permissions, file owner or SELinux context for the edited file). If certain sensitive files were edited using virt-edit, they would become world-readable.
References: www.openwall. com/lists/ oss-security/ 2012/06/ 11/1 /bugzilla. redhat. com/show_ bug.cgi? id=788642 /www.redhat. com/archives/ libguestfs/ 2012-February/ msg00033. html
[1] http://
[2] https:/
[3] https:/
Proposed upstream patch: /www.redhat. com/archives/ libguestfs/ 2012-February/ msg00034. html
[4] https:/