Detections
Analytics
MiracleLinux 7 : libguestfs-1.32.7-3.0.1.el7.AXS7, virt-p2v-1.32.7-2.el7 (AXSA:2016-1143:01)
critical Nessus Plugin ID 291578
Synopsis
The remote MiracleLinux host is missing a security update.Description
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1143:01 advisory.libguestfs Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org It can be used to make batch configuration changes to guests, get disk used/free statistics (virt-df), migrate between hypervisors (virt-p2v, virt-v2v), perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch (virt-builder) and much more.
Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition schemes, qcow, qcow2, vmdk.
Libguestfs for Red Hat Enterprise Linux is split into several subpackages.
The basic subpackages are:
libguestfs C library libguestfs-tools virt-* tools, guestfish and guestmount (FUSE) libguestfs-tools-c only the subset of virt tools written in C (for reduced dependencies) virt-dib safe and secure diskimage-builder replacement virt-v2v convert virtual or physical machines to run on KVM (also known as V2V and P2V) For enhanced features, install:
libguestfs-gfs2 adds Global Filesystem (GFS2) support libguestfs-inspect-icons adds support for inspecting guest icons libguestfs-rescue enhances virt-rescue shell with more tools libguestfs-rsync rsync to/from guest filesystems libguestfs-xfs adds XFS support Language bindings:
libguestfs-devel C/C header files and library libguestfs-gobject-devel GObject bindings and GObject Introspection libguestfs-java-devel Java bindings lua-guestfs Lua bindings ocaml-libguestfs-devel OCaml bindings perl-Sys-Guestfs Perl bindings python-libguestfs Python bindings ruby-libguestfs Ruby bindings virt-p2v Virt-p2v is a tool that converts physical machines to run under KVM.
Security issues fixed with this release:
CVE-2015-8869 OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
The following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7).
Additional Changes:
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 291578
File Name: miracle_linux_AXSA-2016-1143.nasl
Version: 1.1
Type: local
Published: 1/19/2026
Updated: 1/19/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS Score Source: CVE-2015-8869
CVSS v3
Risk Factor: Critical
Base Score: 9.1
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:miracle:linux:libguestfs-java, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:libguestfs-tools, p-cpe:/a:miracle:linux:libguestfs-tools-c, p-cpe:/a:miracle:linux:perl-sys-guestfs, p-cpe:/a:miracle:linux:virt-v2v, p-cpe:/a:miracle:linux:libguestfs-xfs, p-cpe:/a:miracle:linux:python-libguestfs, p-cpe:/a:miracle:linux:libguestfs, p-cpe:/a:miracle:linux:virt-p2v
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/2/2016
Vulnerability Publication Date: 5/4/2016
Reference Information
CVE: CVE-2015-8869