Date: Tue, 3 Dec 2013 20:07:03 +0000
Synopsis: Moderate: libguestfs security, bug fix, and enhancement update
Advisory ID: SLSA-2013:1536-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-4419
--
It was found that guestfish, which enables shell scripting and command
line access to libguestfs, insecurely created the temporary directory used
to store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify another user's guestfish
commands, allowing them to perform arbitrary guestfish actions with the
privileges of a different user, or use this flaw to obtain authentication
credentials. (CVE-2013-4419)
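
The kind of check that closes this class of flaw, as an added example that is not part of the advisory and is not libguestfs's own code: create the socket directory with mode 0700, then verify with lstat() that it really is a directory owned by the current user with no group/other access before binding a socket inside it. The function names and the scratch path are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* for lstat, mkdtemp, symlink */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not libguestfs code). Returns 0 if `path` is now a
 * directory owned by us with mode 0700, -1 otherwise. On -1 the caller
 * must refuse to create or connect to a socket under `path`. */
int make_private_sockdir(const char *path)
{
    struct stat st;

    /* EEXIST is tolerated but not trusted: the directory is verified below. */
    if (mkdir(path, 0700) == -1 && errno != EEXIST)
        return -1;

    /* lstat, not stat: a symlink planted by another user is not followed. */
    if (lstat(path, &st) == -1)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return -1;                       /* symlink, regular file, fifo, ... */
    if (st.st_uid != geteuid())
        return -1;                       /* pre-created by a different user */
    if ((st.st_mode & 0777) != 0700)
        return -1;                       /* group/other could reach the socket */
    return 0;
}

/* Constructed scenarios in a scratch directory. Returns a bitmask of the
 * checks that behaved as expected (0x7 = all three), or -1 on setup error. */
int run_scenarios(void)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX", p[128];
    int ok = 0;

    if (!mkdtemp(base)) return -1;
    snprintf(p, sizeof p, "%s/fresh", base);
    if (make_private_sockdir(p) == 0 && make_private_sockdir(p) == 0) ok |= 1;
    chmod(p, 0777);                      /* permissions loosened after creation */
    if (make_private_sockdir(p) == -1) ok |= 2;
    snprintf(p, sizeof p, "%s/link", base);
    if (symlink(base, p) == 0 && make_private_sockdir(p) == -1) ok |= 4;
    return ok;
}
```

The ownership test is what defeats a directory pre-created by another local user under a predictable name in a world-writable location; the mode test alone is not sufficient.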
--
SL6
x86_64
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm
The following RPMs were added for dependency resolution:
x86_64
febootstrap-3.21-4.el6.x86_64.rpm
febootstrap-supermin-helper-3.21-4.el6.x86_64.rpm
- Scientific Linux Development Team