Release date:
Updated on:
Affected Systems:
RedHat Enterprise Linux Workstation Optional 6
RedHat Enterprise Linux Workstation 6
RedHat Enterprise Linux Server Optional 6
RedHat Enterprise Linux Server 6
RedHat Enterprise Linux HPC Node Optional 6
RedHat Enterprise Linux Desktop Optional 6
Libvirt
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54126
Cve id: CVE-2012-2693
Libvirt is a free and open-source C function library that supports mainstream virtualization tools in Linux.
In versions earlier than libvirt 0.9.12, when multiple devices have the same vendor and product ID, the USB device of the virtual machine is not correctly allocated, which may cause the client to be associated with an incorrect device, allow local users to access non-target USB devices.
<* Source: Red Hat
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Libvirt
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://libvirt.org/index.html