Moderate CentOS libguestfs Update

Metadata

medium
6.8
libguestfs-1.20.11-2.el6.src.rpm, libguestfs-1.20.11-2.el6.x86_64.rpm, libguestfs-devel-1.20.11-2.el6.x86_64.rpm, libguestfs-java-1.20.11-2.el6.x86_64.rpm, libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm, libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm, libguestfs-tools-1.20.11-2.el6.x86_64.rpm, libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm, ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm, ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm, perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm, python-libguestfs-1.20.11-2.el6.x86_64.rpm, ruby-libguestfs-1.20.11-2.el6.x86_64.rpm
CVE-2013-4419
rhn.redhat.com, lists.centos.org
2013-11-26
2017-07-27 19:06
CVE-2013-4419 libguestfs
CVE-2013-4419
2017-04-01 19:07
2017-01-05 20:11

Description


Updated libguestfs packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.


Libguestfs is a library and set of tools for accessing and modifying guest
disk images.

It was found that guestfish, which enables shell scripting and command line
access to libguestfs, insecurely created the temporary directory used to
store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify another user's guestfish
commands, allowing them to perform arbitrary guestfish actions with the
privileges of a different user, or use this flaw to obtain authentication
credentials. (CVE-2013-4419)

This issue was discovered by Michael Scherer of the Red Hat Regional IT
team.

These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All libguestfs users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements.

Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.

Affected package information

Release  Package                  Patched in
6        libguestfs               libguestfs-1.20.11-2.el6.src.rpm
6        libguestfs               libguestfs-1.20.11-2.el6.x86_64.rpm
6        libguestfs-devel         libguestfs-devel-1.20.11-2.el6.x86_64.rpm
6        libguestfs-java          libguestfs-java-1.20.11-2.el6.x86_64.rpm
6        libguestfs-java-devel    libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
6        libguestfs-javadoc       libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
6        libguestfs-tools         libguestfs-tools-1.20.11-2.el6.x86_64.rpm
6        libguestfs-tools-c       libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
6        ocaml-libguestfs         ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
6        ocaml-libguestfs-devel   ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
6        perl-Sys-Guestfs         perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
6        python-libguestfs        python-libguestfs-1.20.11-2.el6.x86_64.rpm
6        ruby-libguestfs          ruby-libguestfs-1.20.11-2.el6.x86_64.rpm
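To check a CentOS 6 host against the fixed builds in the table above, here is an added example (not part of the advisory or of libguestfs) that compares `rpm -q` output with the fixed version-release `1.20.11-2.el6` using a simplified rpmvercmp-style comparison. It assumes the epoch is identical on both sides (since `rpm -q` omits it) and ignores rpm's tilde and caret rules; the sample input is constructed.

```python
"""Check installed CentOS 6 libguestfs builds against the fixed release in this advisory."""
import re

# Fixed version-release from the advisory (all listed packages share it).
# Assumption: epoch is identical on both sides, since `rpm -q` omits it.
FIXED_EVR = "1.20.11-2.el6"

def _segments(s):
    """Split into digit and alpha runs, as rpmvercmp does; separators are ignored."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def _vercmp(a, b):
    """Compare two version or release strings rpmvercmp-style: -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts after an alpha run
        if x != y:
            return 1 if x > y else -1
    # Equal prefix: the string with more segments is newer (e.g. 2.el6_5.1 > 2.el6)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; version decides first, then release."""
    av, ar = a.split("-", 1)
    bv, br = b.split("-", 1)
    return _vercmp(av, bv) or _vercmp(ar, br)

def parse_rpm_q(line):
    """Parse one `rpm -q NAME` line (name-version-release.arch) into (name, evr, arch)."""
    m = re.match(r"^(.+)-([^-]+)-([^-]+)\.([^.]+)$", line.strip())
    if not m:
        raise ValueError(f"not an rpm NVRA: {line!r}")
    name, ver, rel, arch = m.groups()
    return name, f"{ver}-{rel}", arch

def is_patched(rpm_q_line):
    """True when the installed build is at or past the advisory's fixed build."""
    _, evr, _ = parse_rpm_q(rpm_q_line)
    return evr_cmp(evr, FIXED_EVR) >= 0

def report(rpm_q_lines):
    """Return (name, evr, patched) per line, e.g. from `rpm -q libguestfs libguestfs-tools-c`."""
    return [(n, e, evr_cmp(e, FIXED_EVR) >= 0) for n, e, _ in map(parse_rpm_q, rpm_q_lines)]

if __name__ == "__main__":
    # Constructed sample output of `rpm -q` on a CentOS 6 host, not real data.
    sample = ["libguestfs-1.20.11-1.el6.x86_64", "libguestfs-tools-c-1.20.11-2.el6.x86_64"]
    for name, evr, ok in report(sample):
        print(f"{name:20} {evr:18} {'patched' if ok else 'VULNERABLE (CVE-2013-4419)'}")
```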