Fedora 12 : libvirt-0.8.2-1.fc12 (2010-11021)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

A reboot is required to update the iptables rules for the default
virtual network to address the CVE-2010-2242 All disk format probing
is now disabled in a default installation of libvirt. This change may
prevent KVM guests using qcow2 disks from booting successfully. If
this occurs verify that the guest XML <disk> element has explicitly
requested use of the qcow2 data format via the <driver> element:
<driver name='qemu' type='qcow2'/> If the qcow2 is using an external
backing file, it may be necessary to re-create the qcow2 file,
explicitly specifying the backing store format with the '-o' option.
qemu- img create -f qcow2 -b master.qcow2 -o backing_fmt=qcow2
newdisk.qcow2 If this is not possible, disk format probing can be
re-enabled via /etc/libvirt/qemu.conf allow_disk_format_probing = 1
NB, enabling disk format probing has security consequences as per the
linked CVEs.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=602455
https://bugzilla.redhat.com/show_bug.cgi?id=607810
https://bugzilla.redhat.com/show_bug.cgi?id=607811
https://bugzilla.redhat.com/show_bug.cgi?id=607812
http://www.nessus.org/u?ecda916b

Solution :

Update the affected libvirt package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:S/C:C/I:N/A:N)

Family: Fedora Local Security Checks

Nessus Plugin ID: 47839 (fedora_2010-11021.nasl)

Bugtraq ID:

CVE ID: CVE-2010-2237
CVE-2010-2238
CVE-2010-2239
CVE-2010-2242

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now