12 Jun 2012
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
A security issue has been reported in libguestfs, which can be exploited by malicious, local users to disclose potentially sensitive information.
The security issue is caused due to the "virt-edit" utility not keeping original file permissions when editing a file inside a virtual machine image, which results in world-readable permissions being set.
The security issue is reported in version 1.16.4. Other versions may also be affected.
Update to version 1.16.24.
Reported by Richard W.M. Jones in a Red Hat bug report.