Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: libguestfs on SL6.x x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Tuesday 3rd December 2013 20:07:03 UTC (over 2 years ago)
Synopsis:          Moderate: libguestfs security, bug fix, and enhancement
update
Advisory ID:       SLSA-2013:1536-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2013-4419
--

It was found that guestfish, which enables shell scripting and command
line access to libguestfs, insecurely created the temporary directory used
to store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify other user's guestfish
command, allowing them to perform arbitrary guestfish actions with the
privileges of a different user, or use this flaw to obtain authentication
credentials. (CVE-2013-4419)
--

SL6
  x86_64
    libguestfs-1.20.11-2.el6.x86_64.rpm
    libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
    libguestfs-java-1.20.11-2.el6.x86_64.rpm
    libguestfs-tools-1.20.11-2.el6.x86_64.rpm
    libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
    perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
    python-libguestfs-1.20.11-2.el6.x86_64.rpm
    libguestfs-devel-1.20.11-2.el6.x86_64.rpm
    libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
    libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
    ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
    ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
    ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

The following RPMs were added for dependency resolution:
  x86_64
    febootstrap-3.21-4.el6.x86_64.rpm
    febootstrap-supermin-helper-3.21-4.el6.x86_64.rpm

- Scientific Linux Development Team
 
CD: 4ms