Executive Summary
Summary | |
---|---|
Title | libvirt security, bug fix, and enhancement update |
Information | |||
---|---|---|---|
Name | RHSA-2012:0748 | First vendor Publication | 2012-06-20 |
Vendor | RedHat | Last vendor Modification | 2012-06-20 |
Severity (Vendor) | Low | Revision | 05 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.7 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 1.9 | Authentication | None Required |
Detail
Problem Description: Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device. (CVE-2012-2693)

These updated libvirt packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

All users of libvirt are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

515293 - RFE: Support formatting of new (ext3/4) filesystems for fs storage pool type
589849 - [LXC] Changing shutoff guest max memory can effect current memory
605953 - RFE: Add a command to quickly setup a Bridge Networking for KVM
611823 - Storage driver should prohibit pools with duplicate underlying storage
611824 - RFE: Expose 'virDomainMemoryPeek' and 'virDomainBlockPeek' in python bindings
613537 - [LXC] Fail to start vm that have multi network interfaces.
619846 - virsh dump gives very cryptic error messages
624447 - [vdsm] [libvirt] permission error on run vm task when using NFS storage (libvirt log!)
625115 - cannot run virt-manager as regular user in a VNC session
625362 - libvirt-guests should start and shut down guests in parallel
628823 - DOCS: Document that the bootable disk must be first in the XML
638633 - [RHEL6-Beta] 'virsh attach-interface' succeeds even if a nonexistent script file is specified to the option --script.
639599 - "virt-xml-validate" failed to validate guest domain configuration file if the domain name got a "#" in it .
643373 - RFE: Add ability to control link up/down state of guest NICs via XML & on the fly.
648594 - Support online resizing of block devices
673499 - Some virsh vol-* commands require the pool option, but don't indicate this when they fail
673811 - [RFE] VIRSH : Add ability to specify max migration bandwidth
680880 - The defined NFS pool can not be started
685083 - virt-xml-validate fails if xml is generated from running domain
689768 - libvirt should report better error than: cannot send monitor command '{"execute":"qmp_capabilities"}'
693758 - libvirt-guests init script saves but doesn't restore non-persistent domains
697808 - Improve error message when passing XML doc with wrong root element to define/create APIs.
698521 - virsh freecell command help and man pages should be more clear
700272 - RFE add support for "host cpu" in Libvirt
700523 - clearing caps before running ssh breaks prevents ssh-askpass from launching from 'sudo virt-manager'
702260 - Libvirt can't remove logical volume because it doesn't deactivate it first
708735 - [RFE] Show column and line on XML parsing error
709265 - empty vg storage pool can break GetVolumeByPath for all pools
712266 - Hotplug virtio disk fails with error message "Duplicate ID 'drive-virtio-disk2' for drive"
713932 - RFE: implement insert-media and eject-media virsh commands
715019 - (libvirt) Report disk latency (read and write) for each storage device
715590 - Add support for USB 2.0 (EHCI) to libvirt
725269 - generated qemu -smp string is ambiguous, gives unexpected results
725373 - [libvirt] when using domabortjob to abort stuck migration , the migration command still hangs.
726174 - Impossible libvirt remote administration via qemu+ssh
726771 - libvirt does not specify problem file if persistent xml is invalid
729694 - bootindex added after install completes. causes boot failure in KVM with mixed virtio/ide disks
731151 - RFE: allow capabilities/guest XML to be used with virsh cpu-compare
731645 - cpu-baseline should support the complete
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0748.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20602 | |||
Oval ID: | oval:org.mitre.oval:def:20602 | ||
Title: | RHSA-2012:0748: libvirt security, bug fix, and enhancement update (Low) | ||
Description: | libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0748-05 CESA-2012:0748 CVE-2012-2693 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | libvirt |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21039 | |||
Oval ID: | oval:org.mitre.oval:def:21039 | ||
Title: | RHSA-2013:0127: libvirt security and bug fix update (Low) | ||
Description: | libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0127-00 CESA-2013:0127 CVE-2012-2693 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libvirt |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23294 | |||
Oval ID: | oval:org.mitre.oval:def:23294 | ||
Title: | ELSA-2013:0127: libvirt security and bug fix update (Low) | ||
Description: | libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0127-00 CVE-2012-2693 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libvirt |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23831 | |||
Oval ID: | oval:org.mitre.oval:def:23831 | ||
Title: | ELSA-2012:0748: libvirt security, bug fix, and enhancement update (Low) | ||
Description: | libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0748-05 CVE-2012-2693 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | libvirt |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27180 | |||
Oval ID: | oval:org.mitre.oval:def:27180 | ||
Title: | DEPRECATED: ELSA-2012-0748 -- libvirt security, bug fix, and enhancement update (low) | ||
Description: | [libvirt-0.9.10-21.0.1.el6] - Replace docs/et.png in tarball with blank image [libvirt-0.9.10-21.el6] - qemu: Rollback on used USB devices (rhbz#743671) - qemu: Dont delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#743671) - Revert 'rpc: Discard non-blocking calls only when necessary' (rhbz#821468) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0748 CVE-2012-2693 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | libvirt |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27410 | |||
Oval ID: | oval:org.mitre.oval:def:27410 | ||
Title: | DEPRECATED: ELSA-2013-0127 -- libvirt security and bug fix update (low) | ||
Description: | [0.8.2-29.0.1.el5] - Replaced docs/et.png in tarball - remove virshtest from test cases to fix failure in mock build root | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0127 CVE-2012-2693 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | libvirt |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-16 | Name : Fedora Update for libvirt FEDORA-2012-15634 File : nvt/gb_fedora_2012_15634_libvirt_fc17.nasl |
2012-09-07 | Name : Fedora Update for libvirt FEDORA-2012-12523 File : nvt/gb_fedora_2012_12523_libvirt_fc17.nasl |
2012-07-30 | Name : CentOS Update for libvirt CESA-2012:0748 centos6 File : nvt/gb_CESA-2012_0748_libvirt_centos6.nasl |
2012-06-22 | Name : RedHat Update for libvirt RHSA-2012:0748-05 File : nvt/gb_RHSA-2012_0748-05_libvirt.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0748.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0127.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0127.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0127.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_libvirt_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120620_libvirt_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0748.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0748.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:56:01 |