Synopsis: Moderate: libguestfs security, bug fix, and enhancement update Advisory ID: SLSA-2013:1536-2 Issue Date: 2013-11-21 CVE Numbers: CVE-2013-4419 -- It was found that guestfish, which enables shell scripting and command line access to libguestfs, insecurely created the temporary directory used to store the network socket when started in server mode. A local attacker could use this flaw to intercept and modify other user's guestfish command, allowing them to perform arbitrary guestfish actions with the privileges of a different user, or use this flaw to obtain authentication credentials. (CVE-2013-4419) -- SL6 x86_64 libguestfs-1.20.11-2.el6.x86_64.rpm libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm libguestfs-java-1.20.11-2.el6.x86_64.rpm libguestfs-tools-1.20.11-2.el6.x86_64.rpm libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm python-libguestfs-1.20.11-2.el6.x86_64.rpm libguestfs-devel-1.20.11-2.el6.x86_64.rpm libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm ruby-libguestfs-1.20.11-2.el6.x86_64.rpm The following RPMs were added for dependency resolution: x86_64 febootstrap-3.21-4.el6.x86_64.rpm febootstrap-supermin-helper-3.21-4.el6.x86_64.rpm - Scientific Linux Development Team