Описание
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libguestfs | fixed | 1:1.18.0-1 | package |
Примечания
Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
https://bugzilla.redhat.com/show_bug.cgi?id=788642
https://www.openwall.com/lists/oss-security/2012/06/11/1
https://www.openwall.com/lists/oss-security/2012/06/11/5
EPSS
Связанные уязвимости
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
ELSA-2012-0774: libguestfs security, bug fix, and enhancement update (LOW)
EPSS