Scientific Linux Security Update : libvirt on SL5.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could
result in the wrong device being attached to a guest, giving that
guest root access to the device. (CVE-2012-2693)

This update also fixes the following bugs :

- Previously, the libvirtd library failed to set the
autostart flags for already defined QEMU domains. This
bug has been fixed, and the domains can now be
successfully marked as autostarted.

- Prior to this update, the virFileAbsPath() function did
not take into account the slash ('/') directory
separator when allocating memory for combining the cwd()
function and a path. This behavior could lead to
memory corruption. With this update, virFileAbsPath()
has been changed to use the virAsprintf() function. As a
result, the aforementioned behavior no longer occurs.

- With this update, a man page of the virsh user interface
has been enhanced with information on the
'domxml-from-native' and 'domxml-to-native' commands. A
correct notation of the format argument has been
clarified. As a result, confusion is avoided when
setting the format argument in the described commands.
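
The virFileAbsPath() item above describes an allocation that leaves no room for the '/' separator. The following C sketch is an added illustration, not libvirt's code: undersized_len() and abs_path_join() are hypothetical names, the working directory is passed in as a parameter, and the fix is shown with standard snprintf() measurement rather than virAsprintf().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the described pre-fix pattern would allocate: room for cwd, path
 * and the terminating NUL, but not for the '/' written between them. */
size_t undersized_len(const char *cwd, const char *path)
{
    return strlen(cwd) + strlen(path) + 1;
}

/* Hardened join: the formatter measures the result, so the separator can
 * never be left out of the size. cwd is a parameter (assumption) to keep
 * the function deterministic; a real caller would obtain it from getcwd(). */
char *abs_path_join(const char *cwd, const char *path)
{
    if (cwd == NULL || path == NULL)
        return NULL;
    if (path[0] == '/') {                    /* already absolute: copy it */
        size_t n = strlen(path) + 1;
        char *copy = malloc(n);
        if (copy) memcpy(copy, path, n);
        return copy;
    }
    int need = snprintf(NULL, 0, "%s/%s", cwd, path);
    if (need < 0)
        return NULL;
    char *out = malloc((size_t)need + 1);    /* +1 for the NUL */
    if (out == NULL)
        return NULL;
    snprintf(out, (size_t)need + 1, "%s/%s", cwd, path);
    return out;
}

int main(void)
{
    const char *cwd = "/var/lib/libvirt";    /* constructed sample input */
    const char *rel = "images/guest.img";    /* constructed sample input */
    char *joined = abs_path_join(cwd, rel);
    if (joined == NULL)
        return 1;
    printf("undersized buffer: %zu bytes, bytes written: %zu\n",
           undersized_len(cwd, rel), strlen(joined) + 1);
    printf("%s\n", joined);
    free(joined);
    return 0;
}
```

The undersized buffer is always exactly one byte short of the joined string, so the terminating NUL lands past the end of the allocation.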

After installing the updated packages, libvirtd will be restarted
automatically.

See also :

http://www.nessus.org/u?9f7c9f98

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.7
(CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 63598

CVE ID: CVE-2012-2693