Oracle Linux 6 : libguestfs (ELSA-2011-0586)

medium Nessus Plugin ID 181101

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0586 advisory.

[1.7.17-17]
- Remove dependency on gfs2-utils.
resolves: rhbz#695138

[1.7.17-16]
- Canonicalize /dev/vd* paths in virt-inspector code.
resolves: rhbz#691724

[1.7.17-15]
- Fix trace segfault for non-daemon functions.
resolves: rhbz#676788

[1.7.17-14]
- Add explicit BuildRequires for latest augeas. (RHBZ#677616)

[1.7.17-13]
- Rebuild to pick up new augeas lens (RHBZ#677616)

[1.7.17-12]
- Fix typo in virt-make-fs manual page.
resolves: rhbz#673721
- Add a grep-friendly string to LIBGUESTFS_TRACE output.
resolves: rhbz#673477

[1.7.17-11]
- Only runtime require febootstrap-supermin-helper (not whole of febootstrap) (RHBZ#669840).

[1.7.17-10]
- Remove external hexedit script and make guestfish users set .
This is because requiring emacs pulls in all of X (RHBZ#641494).

[1.7.17-9]
- Fix: guestfish fails when guest fstab entry does not exist (RHBZ#668611).

[1.7.17-8]
- Backport patches up to upstream 1.8.1. (RHBZ#613593)
- Fixes:
* guestfish: fails to tilde expand '~' when /home/ksharma unset (RHBZ#617440)
* libguestfs: unknown filesystem /dev/fd0 (RHBZ#666577)
* libguestfs: unknown filesystem label SWAP-sda2 (RHBZ#666578)
* libguestfs: unknown filesystem /dev/hd{x} (cdrom) (RHBZ#666579)
* virt-filesystems fails on guest with corrupt filesystem label (RHBZ#668115)
* emphasize 'libguestfs-winsupport' in error output (RHBZ#627468)

[1.7.17-4]
- Backport patches up to upstream 1.8.0 _except_ for:
* changes which require febootstrap 3.x
* changes which were only relevant for other distros

[1.7.17-3]
- New upstream version 1.7.17, rebase for RHEL 6.1 (RHBZ#613593).
- Require febootstrap >= 2.11.
- Split out new libguestfs-tools-c package from libguestfs-tools.
* This is so that the -tools-c package can be pulled in by people wanting to avoid a dependency on Perl, while -tools pulls in everything as before.
* The C tools currently are: cat, df, filesystems, fish, inspector, ls, mount, rescue.
* libguestfs-tools no longer pulls in guestfish.
- guestfish no longer requires pod2text, hence no longer requires perl.
- guestfish also depends on: less, man, vi, emacs.
- Add BR db4-utils (although since RPM needs it, it's not really necessary).
- Runtime requires on db4-utils should be on core lib, not tools package.
- Change all 'Requires: perl-Foo' to 'Requires: perl(Foo)'.
- New manual pages containing example code.
- Ship examples for C, OCaml, Ruby, Python.
- Don't ship HTML versions of man pages.
- Rebase no-fuse-test patch to latest version.
- New tool: virt-filesystems.
- Rename perl-libguestfs as perl-Sys-Guestfs (RHBZ#652587).
- Remove guestfs-actions.h and guestfs-structs.h. Libguestfs now [header file.]
- Add AUTHORS file from tarball.

[1.6.2-4]
- New upstream stable version 1.6.2, rebase for RHEL 6.1 (RHBZ#613593).
- Remove previous patches which are now all upstream and in this new version.
- BR febootstrap 2.10 (RHBZ#628849).
- BR cryptsetup-luks for new LUKS encryption support.
- ocaml-xml-light{,-devel} is no longer required to build.
- guestfish is no longer dependent on virt-inspector.
- Require the ruby package.
- Disable PHP and Haskell bindings in configure (they wouldn't build anyway, but this will help people building from source).
- Set sysconfdir in configure.
- --enable-debug-command is no longer required by configure script.
- New command 'virt-make-fs'.
- Include virt-inspector2, upstream replacement for virt-inspector.
- Provide hexedit replacement script for guestfish.
- BR autotools, and rerun after applying patches.

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2011-0586.html

Plugin Details

Severity: Medium

ID: 181101

File Name: oraclelinux_ELSA-2011-0586.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2010-3851

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libguestfs, p-cpe:/a:oracle:linux:libguestfs-tools, p-cpe:/a:oracle:linux:libguestfs-java, p-cpe:/a:oracle:linux:python-libguestfs, p-cpe:/a:oracle:linux:libguestfs-devel, p-cpe:/a:oracle:linux:guestfish, p-cpe:/a:oracle:linux:libguestfs-javadoc, p-cpe:/a:oracle:linux:libguestfs-java-devel, p-cpe:/a:oracle:linux:libguestfs-tools-c, p-cpe:/a:oracle:linux:perl-sys-guestfs, p-cpe:/a:oracle:linux:ruby-libguestfs, p-cpe:/a:oracle:linux:ocaml-libguestfs-devel, p-cpe:/a:oracle:linux:libguestfs-mount, p-cpe:/a:oracle:linux:ocaml-libguestfs, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 5/29/2011

Vulnerability Publication Date: 10/18/2010

Reference Information

CVE: CVE-2010-3851