This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could
result in the wrong device being attached to a guest, giving that
guest root access to the device. (CVE-2012-2693)
This update also fixes the following bugs :
- Previously, the libvirtd library failed to set the
autostart flags for already defined QEMU domains. This
bug has been fixed, and the domains can now be
successfully marked as autostarted.
- Prior to this update, the virFileAbsPath() function was
not taking into account the slash ('/') directory
separator when allocating memory for combining the cwd()
function and a path. This behavior could lead to a
memory corruption. With this update, a transformation to
the virAsprintff() function has been introduced into
virFileAbsPath(). As a result, the aforementioned
behavior no longer occurs.
- With this update, a man page of the virsh user interface
has been enhanced with information on the
'domxml-from-native' and 'domxml-to-native' commands. A
correct notation of the format argument has been
clarified. As a result, confusion is avoided when
setting the format argument in the described commands.
After installing the updated packages, libvirtd will be restarted
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 3.7
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 63598 ()
CVE ID: CVE-2012-2693