author: Richard W.M. Jones <rjones@redhat.com> 2012-06-14 12:22:26 +0100
committer: Richard W.M. Jones <rjones@redhat.com> 2012-06-14 12:25:06 +0100
commit: d43e3d63de1622e98313bb797922dfd7d95ddd11
tree: 0fa8de8e893a3b2fc31bb80d5228af341f8e931c /edit
parent: 199cc2853c586b384a2b45154b06437d3fc38e89
virt-edit: Document CVE-2012-2690.
Diffstat (limited to 'edit')
-rw-r--r-- edit/virt-edit.pod 14
1 files changed, 14 insertions, 0 deletions
diff --git a/edit/virt-edit.pod b/edit/virt-edit.pod
index bec45421..765b8b27 100644
--- a/edit/virt-edit.pod
+++ b/edit/virt-edit.pod
@@ -326,6 +326,20 @@ C<touch>, C<write> or C<upload> instead:
guestfish --rw -i -d domname upload localfile /newfile
+=head1 CVE-2012-2690
+
+Old versions of both virt-edit and the guestfish C<edit> command
+created a new file containing the changes but did not set the
+permissions, etc of the new file to match the old one. The result of
+this was that if you edited a security sensitive file such as
+C</etc/shadow> then it would be left world-readable after the edit.
+
+This issue was assigned CVE-2012-2690, and is fixed in
+libguestfs E<ge> 1.16.
+
+For further information, see
+https://bugzilla.redhat.com/show_bug.cgi?id=788642
+
=head1 ENVIRONMENT VARIABLES
=over 4
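Review bot: the first paragraph under "=head1 CVE-2012-2690" says "permissions, etc" without naming which attributes were lost; list what fixed versions now carry over from the old file (the mode at least, plus whichever other attributes apply) so a reader knows what to check. The section also stops at "is fixed in libguestfs E<ge> 1.16" and gives no guidance for guests already touched by an older version: consider adding a sentence telling users to re-check the mode of sensitive files such as C</etc/shadow> that were edited before upgrading, since upgrading does not repair a file already left world-readable. Minor: "etc" wants a trailing period, and the Bugzilla URL could be wrapped in L<...> so it renders as a link in the generated HTML.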