Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

Scientific Linux: SLSA-2013:1536-2 Moderate: Libguestfs Security Issue

Scientific Large Esm H446
Moderate: libguestfs security, bug fix, and enhancement update
Date: Tue, 3 Dec 2013 20:07:03 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libguestfs on SL6.x x86_64
MIME-Version: 1.0

Synopsis: Moderate: libguestfs security, bug fix, and enhancement update
Advisory ID: SLSA-2013:1536-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-4419
--

It was found that guestfish, which enables shell scripting and command
line access to libguestfs, insecurely created the temporary directory used
to store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify other user's guestfish
command, allowing them to perform arbitrary guestfish actions with the
privileges of a different user, or use this flaw to obtain authentication
credentials. (CVE-2013-4419)
--

SL6
 x86_64
 libguestfs-1.20.11-2.el6.x86_64.rpm
 libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
 libguestfs-java-1.20.11-2.el6.x86_64.rpm
 libguestfs-tools-1.20.11-2.el6.x86_64.rpm
 libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
 perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
 python-libguestfs-1.20.11-2.el6.x86_64.rpm
 libguestfs-devel-1.20.11-2.el6.x86_64.rpm
 libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
 libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
 ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
 ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
 ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

The following RPMs were added for dependency resolution:
 x86_64
 febootstrap-3.21-4.el6.x86_64.rpm
 febootstrap-supermin-helper-3.21-4.el6.x86_64.rpm

- Scientific Linux Development Team