Subject: Security ERRATA Moderate: libguestfs on SL6.x x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Tuesday 3rd December 2013 20:07:03 UTC

Synopsis:    Moderate: libguestfs security, bug fix, and enhancement update
Advisory ID: SLSA-2013:1536-2
Issue Date:  2013-11-21
CVE Numbers: CVE-2013-4419
--

It was found that guestfish, which enables shell scripting and command
line access to libguestfs, insecurely created the temporary directory used
to store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify other users' guestfish
commands, allowing them to perform arbitrary guestfish actions with the
privileges of a different user, or use this flaw to obtain authentication
credentials. (CVE-2013-4419)
--

SL6
  x86_64
    libguestfs-1.20.11-2.el6.x86_64.rpm
    libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
    libguestfs-java-1.20.11-2.el6.x86_64.rpm
    libguestfs-tools-1.20.11-2.el6.x86_64.rpm
    libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
    perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
    python-libguestfs-1.20.11-2.el6.x86_64.rpm
    libguestfs-devel-1.20.11-2.el6.x86_64.rpm
    libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
    libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
    ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
    ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
    ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

The following RPMs were added for dependency resolution:
  x86_64
    febootstrap-3.21-4.el6.x86_64.rpm
    febootstrap-supermin-helper-3.21-4.el6.x86_64.rpm

- Scientific Linux Development Team
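The flaw class described in the advisory, a socket directory created under a shared temporary location without verifying what ends up at that path, is avoided by the check sketched below. This is an added example, not code from the advisory or from libguestfs; the function names and the constructed test paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 only if path is a directory we own with no group/other access. */
int make_private_sockdir(const char *path)
{
    struct stat st;
    /* EEXIST is tolerated, so the checks below must vet what already exists. */
    if (mkdir(path, 0700) == -1 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink planted at path must not be followed. */
    if (lstat(path, &st) == -1 || !S_ISDIR(st.st_mode))
        return -1;
    /* Someone else's directory, or one that others can enter, is rejected. */
    if (st.st_uid != geteuid() || (st.st_mode & 0077) != 0)
        return -1;
    return 0;
}

/* Constructed cases; returns how many of the 4 behaved as expected. */
int run_constructed_cases(void)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX";
    char good[64], loose[64], lnk[64];
    int ok = 0;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(good, sizeof good, "%s/good", base);
    snprintf(loose, sizeof loose, "%s/loose", base);
    snprintf(lnk, sizeof lnk, "%s/lnk", base);
    ok += make_private_sockdir(good) == 0;   /* fresh directory: accepted */
    ok += make_private_sockdir(good) == 0;   /* our own 0700 directory: reused */
    if (mkdir(loose, 0700) != 0 || chmod(loose, 0777) != 0)
        return -1;
    ok += make_private_sockdir(loose) == -1; /* world-accessible: rejected */
    if (symlink(good, lnk) != 0)
        return -1;
    ok += make_private_sockdir(lnk) == -1;   /* symlink at the path: rejected */
    unlink(lnk); rmdir(loose); rmdir(good); rmdir(base);
    return ok;
}

int main(void)
{
    printf("%d of 4 constructed cases behaved as expected\n", run_constructed_cases());
    return 0;
}
```

The caller binds the socket inside the directory only when the function returns 0; on -1 it refuses to start instead of falling back to the pre-existing path.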