Candidate: CVE-2012-2690
PublicDate: 2012-06-29 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2690
 https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
 https://bugzilla.redhat.com/show_bug.cgi?id=788642
 http://www.openwall.com/lists/oss-security/2012/06/11/1
 http://www.openwall.com/lists/oss-security/2012/06/11/5
 https://rhn.redhat.com/errata/RHSA-2012-0774.html
Description:
 virt-edit in libguestfs before 1.18.0 does not preserve the permissions
 from the original file and saves the new file with world-readable
 permissions when editing, which might allow local guest users to obtain
 sensitive information.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/1012259
 https://bugzilla.redhat.com/show_bug.cgi?id=831117
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_libguestfs:
 other: https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
upstream_libguestfs: released (1:1.18.0-1)
hardy_libguestfs: DNE
lucid_libguestfs: DNE
natty_libguestfs: DNE
oneiric_libguestfs: DNE
precise_libguestfs: ignored (reached end-of-life)
precise/esm_libguestfs: DNE (precise was needs-triage)
quantal_libguestfs: not-affected (1:1.18.1-1)
raring_libguestfs: not-affected (1:1.18.1-1)
saucy_libguestfs: not-affected (1:1.18.1-1)
trusty_libguestfs: not-affected (1:1.18.1-1)
trusty/esm_libguestfs: DNE (trusty was not-affected [1:1.18.1-1])
utopic_libguestfs: not-affected (1:1.18.1-1)
vivid_libguestfs: not-affected (1:1.18.1-1)
vivid/stable-phone-overlay_libguestfs: DNE
vivid/ubuntu-core_libguestfs: DNE
wily_libguestfs: not-affected (1:1.18.1-1)
xenial_libguestfs: not-affected (1:1.18.1-1)
yakkety_libguestfs: not-affected (1:1.18.1-1)
zesty_libguestfs: not-affected (1:1.18.1-1)
devel_libguestfs: not-affected (1:1.18.1-1)