Launchpad has imported 4 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=831117.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-06-12T08:52:58+00:00 Jan wrote: A security flaw was found in the way virt-edit tool of libguestfs, a library for accessing and modifying guest disk images, performed file editing in a virtual machine (new file was created, when original file was used leading to loss of attributes likes file permissions, file owner or SELinux context for the edited file). If certain sensitive files were edited using virt-edit, they would become world-readable. References: [1] http://www.openwall.com/lists/oss-security/2012/06/11/1 [2] https://bugzilla.redhat.com/show_bug.cgi?id=788642 [3] https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html Proposed upstream patch: [4] https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html Reply at: https://bugs.launchpad.net/ubuntu/+source/libguestfs/+bug/1012259/comments/0 ------------------------------------------------------------------------ On 2012-06-12T08:54:55+00:00 Jan wrote: This issue affects the version of the libguestfs package, as shipped with Red Hat Enterprise Linux 6. Reply at: https://bugs.launchpad.net/ubuntu/+source/libguestfs/+bug/1012259/comments/1 ------------------------------------------------------------------------ On 2012-06-20T07:02:02+00:00 errata-xmlrpc wrote: This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0774 https://rhn.redhat.com/errata/RHSA-2012-0774.html Reply at: https://bugs.launchpad.net/ubuntu/+source/libguestfs/+bug/1012259/comments/3 ------------------------------------------------------------------------ On 2012-06-22T15:38:59+00:00 Richard wrote: We will fix this for EPEL 5. I'm going to push a massively updated libguestfs package to EPEL 5 next week. Reply at: https://bugs.launchpad.net/ubuntu/+source/libguestfs/+bug/1012259/comments/4 ** Changed in: libguestfs (Fedora) Status: Unknown => Fix Released ** Changed in: libguestfs (Fedora) Importance: Unknown => Low ** Bug watch added: Red Hat Bugzilla #788642 https://bugzilla.redhat.com/show_bug.cgi?id=788642 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1012259 Title: (CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libguestfs/+bug/1012259/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
