Synopsis: Moderate: libguestfs security, bug fix, and enhancement update
Advisory ID: SLSA-2013:1536-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-4419
—
It was found that guestfish, which enables shell scripting and command
line access to libguestfs, insecurely created the temporary directory used
to store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify other user’s guestfish
command, allowing them to perform arbitrary guestfish actions with the
privileges of a different user, or use this flaw to obtain authentication
credentials. (CVE-2013-4419)
—
SL6
x86_64
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm
The following RPMs were added for dependency resolution:
x86_64
febootstrap-3.21-4.el6.x86_64.rpm
febootstrap-supermin-helper-3.21-4.el6.x86_64.rpm
– Scientific Linux Development Team
