MiracleLinux 4 : libguestfs-1.16.19-1.0.1.AXS4 (AXSA:2012-585:02)

medium Nessus Plugin ID 284001

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-585:02 advisory.

Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests, getting disk used/free statistics (see also: virt-df), migrating between virtualization systems (see also: virt-p2v), performing partial backups, performing partial guest clones, cloning guests and changing registry/UUID/hostname info, and much else besides.
Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition schemes, qcow, qcow2, vmdk.
Libguestfs provides ways to enumerate guest storage (eg. partitions, LVs, what filesystem is in each LV, etc.). It can also run commands in the context of the guest.
Libguestfs is a library that can be linked with C and C++ management programs.
See also the 'guestfish' package for shell scripting and command line access, and 'libguestfs-mount' for mounting guest filesystems on the host using FUSE.
For Perl bindings, see 'perl-Sys-Guestfs'.
For OCaml bindings, see 'ocaml-libguestfs-devel'.
For Python bindings, see 'python-libguestfs'.
For Ruby bindings, see 'ruby-libguestfs'.
For Java bindings, see 'libguestfs-java-devel'.
Security issues fixed with this release:
CVE-2012-2690: virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
Bug Fixes:
Previously, virt-clone would adopt some of the properties of the original virtual machine (for example, the clone was created with a NIC identical to the original VM's). This has been solved by 2 new tools: virt-sysprep and virt-sparsify. Virt-sysprep can erase the guest state; virt-sparsify can make the image sparse. Both these tools should be used instead of or in conjunction with virt-clone.
When trying to mount a non-existent disk, the libguestfs daemon crashed. This has been fixed: an error message is returned and libguestfs does not crash.
The library containing the guestfs_launch() function has been modified to be thread-safe: two threads from the same program can now access the library.
After a block device was closed, the udev device manager re-opened the block device through a triggered process. libguestfs operations would then fail, as they expect the disk to be available for the kernel to re-read the partition table. This has been fixed: operations now wait for udev to finish.
Fedora 17 and newer use a symbolic link for the /bin directory. libguestfs has been modified to handle such guests.
Any disk containing autoexec.bat, boot.ini or the ntldr file in its root would appear as a Windows root disk for libguestfs. HP recovery partitions were not recognized and libguestfs handled the system as dual-boot, so some virt tools did not work. This has been fixed and HP recovery partitions are not seen as a Windows root disk.
Fixed libguestfs error string handling; Python programs no longer terminate with a segmentation fault when calling the g.launch() function.
Enhancements:
Added the virt-alignment-scan tool and updated virt-resize. Guest partitions can now be diagnosed and their problems fixed, which improves the partition performance.
libguestfs operations can now handle HP Smart Array (cciss) devices. The virt-p2v tool can now convert systems that use Linux software RAID devices to run in a VM.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3100

Plugin Details

Severity: Medium

ID: 284001

File Name: miracle_linux_AXSA-2012-585.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-2690

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:libguestfs-java, p-cpe:/a:miracle:linux:libguestfs-tools, p-cpe:/a:miracle:linux:libguestfs-tools-c, p-cpe:/a:miracle:linux:perl-sys-guestfs, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:python-libguestfs, p-cpe:/a:miracle:linux:libguestfs

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/24/2012

Vulnerability Publication Date: 6/12/2012

Reference Information

CVE: CVE-2012-2690