CentOS Update for libvirt CESA-2012:0748 centos6

CentOS Update for libvirt CESA-2012:0748 centos6. Update includes bug fixes, enhancements and security patch for CVE-2012-2693. Users should restart libvirtd after installation

Reporter	Title	Published	Views	Family All 49
Tenable Nessus	CentOS 6 : libvirt (CESA-2012:0748)	11 Jul 201200:00	–	nessus
Tenable Nessus	CentOS 5 : libvirt (CESA-2013:0127)	17 Jan 201300:00	–	nessus
Tenable Nessus	MiracleLinux 4 : libvirt-0.9.10-21.1.0.1.AXS4 (AXSA:2012-655:03)	14 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 3 : libvirt-0.8.2-29.0.1.AXS3 (AXSA:2013-46:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 6 : libvirt (ELSA-2012-0748)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 5 : libvirt (ELSA-2013-0127)	12 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 6 : libvirt (RHSA-2012:0748)	20 Jun 201200:00	–	nessus
Tenable Nessus	RHEL 5 : libvirt (RHSA-2013:0127)	24 Jan 201300:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20120620)	1 Aug 201200:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : libvirt on SL5.x i386/x86_64 (20130108)	17 Jan 201300:00	–	nessus

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2012-July/018709.html

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for libvirt CESA-2012:0748 centos6 
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_insight = "The libvirt library is a C API for managing and interacting with the
  virtualization capabilities of Linux and other operating systems. In
  addition, libvirt provides tools for remote management of virtualized
  systems.

  Bus and device IDs were ignored when attempting to attach multiple USB
  devices with identical vendor or product IDs to a guest. This could result
  in the wrong device being attached to a guest, giving that guest root
  access to the device. (CVE-2012-2693)
  
  These updated libvirt packages include numerous bug fixes and enhancements.
  Space precludes documenting all of these changes in this advisory. Users
  are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for
  information on the most significant of these changes.
  
  All users of libvirt are advised to upgrade to these updated packages,
  which fix these issues and add these enhancements. After installing the
  updated packages, libvirtd must be restarted (&quot;service libvirtd restart&quot;)
  for this update to take effect.";

tag_affected = "libvirt on CentOS 6";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2012-July/018709.html");
  script_id(881097);
  script_version("$Revision: 8352 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $");
  script_tag(name:"creation_date", value:"2012-07-30 16:07:58 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2012-2693");
  script_tag(name:"cvss_base", value:"3.7");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:N/C:P/I:P/A:P");
  script_xref(name: "CESA", value: "2012:0748");
  script_name("CentOS Update for libvirt CESA-2012:0748 centos6 ");

  script_tag(name: "summary" , value: "Check for the Version of libvirt");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS6")
{

  if ((res = isrpmvuln(pkg:"libvirt", rpm:"libvirt~0.9.10~21.el6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libvirt-client", rpm:"libvirt-client~0.9.10~21.el6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libvirt-devel", rpm:"libvirt-devel~0.9.10~21.el6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libvirt-lock-sanlock", rpm:"libvirt-lock-sanlock~0.9.10~21.el6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libvirt-python", rpm:"libvirt-python~0.9.10~21.el6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

10 Jan 2018 00:00Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.00059