Sicherheit: Mangelnde Rechteprüfung in libguestfs
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in libguestfs
ID: FEDORA-2011-17388
Distribution: Fedora
Plattformen: Fedora 15
Datum: Do, 5. Januar 2012, 22:29
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127
Applikationen: libguestfs


Name        : libguestfs
Product : Fedora 15
Version : 1.10.12
Release : 1.fc15
URL : http://libguestfs.org/
Summary : Access and modify virtual machine disk images
Description :
Libguestfs is a library for accessing and modifying guest disk images.
Amongst the things this is good for: making batch configuration
changes to guests, getting disk used/free statistics (see also:
virt-df), migrating between virtualization systems (see also:
virt-p2v), performing partial backups, performing partial guest
clones, cloning guests and changing registry/UUID/hostname info, and
much else besides.

Libguestfs uses Linux kernel and qemu code, and can access any type of
guest filesystem that Linux and qemu can, including but not limited
to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition
schemes, qcow, qcow2, vmdk.

Libguestfs provides ways to enumerate guest storage (eg. partitions,
LVs, what filesystem is in each LV, etc.). It can also run commands
in the context of the guest.

Libguestfs is a library that can be linked with C and C++ management

See also the 'guestfish' package for shell scripting and command line
access, and 'libguestfs-mount' for mounting guest filesystems on the
host using FUSE.

For Perl bindings, see 'perl-Sys-Guestfs'.

For OCaml bindings, see 'ocaml-libguestfs-devel'.

For Python bindings, see 'python-libguestfs'.

For Ruby bindings, see 'ruby-libguestfs'.

For Java bindings, see 'libguestfs-java-devel'.

For PHP bindings, see 'php-libguestfs'.

Update Information:

Fixes Security: Mitigate possible privilege escalation via SG_IO ioctl
(CVE-2011-4127, RHBZ#757071).

* Thu Dec 22 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.12-1
- New upstream version 1.10.12.
- Fixes Security: Mitigate possible privilege escalation via SG_IO ioctl
(CVE-2011-4127, RHBZ#757071).
* Thu Nov 10 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.11-1
- New upstream stable branch 1.10.11.
* Mon Oct 31 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.10-1
- New upstream stable branch 1.10.10.
* Fri Oct 7 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.9-2
- Make glibc BR conditional on Fedora 15 (for virt-preview).
* Fri Sep 16 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.9-1
- New upstream stable branch 1.10.9.
* Wed Aug 17 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.8-1
- New upstream stable branch 1.10.8.
* Mon Aug 8 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.7-1
- New upstream stable branch 1.10.7.
* Wed Jul 27 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.6-1
- New upstream stable branch 1.10.6.
- Remove patch, now upstream.
* Tue Jul 26 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.5-2
- Add upstream patch to fix segfault in OCaml bindings (RHBZ#725824).
* Wed Jul 13 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.5-1
- New upstream stable branch 1.10.5.
- Fixes: RHBZ#661280 RHBZ#602997 RHBZ#685009.
* Mon Jun 13 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.4-1
- New upstream stable branch 1.10.4.
* Wed May 18 2011 Richard W.M. Jones <rjones@redhat.com> - 1:1.10.3-1
- New upstream stable branch 1.10.3.

This update can be installed with the "yum" update program. Use
su -c 'yum update libguestfs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Neue Nachrichten