mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

virt-edit: Document CVE-2012-2690.

Browse Source
This commit is contained in:
Richard W.M. Jones
2012-06-14 12:22:26 +01:00
parent 199cc2853c
commit d43e3d63de
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
edit/virt-edit.pod
View File

@@ -326,6 +326,20 @@ C<touch>, C<write> or C<upload> instead:
guestfish --rw -i -d domname upload localfile /newfile
=head1 CVE-2012-2690
Old versions of both virt-edit and the guestfish C<edit> command
created a new file containing the changes but did not set the
permissions, etc of the new file to match the old one. The result of
this was that if you edited a security sensitive file such as
C</etc/shadow> then it would be left world-readable after the edit.
This issue was assigned CVE-2012-2690, and is fixed in
libguestfs E<ge> 1.16.
For further information, see
https://bugzilla.redhat.com/show_bug.cgi?id=788642
=head1 ENVIRONMENT VARIABLES
=over 4