SUSE Security Update: Security update for guestfs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1626-1
Rating:             important
References:         #845720 
Cross-References:   CVE-2013-4419
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   A predictable socketname in the guestfish commandline tool
   could be used by  a local attacker to gain access to
   guestfish sessions of other users on the  same system.
   (CVE-2013-4419)

   Security Issue reference:

   * CVE-2013-4419
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4419
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-guestfs-data-8465

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-guestfs-data-8465

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      libguestfs-devel-1.20.4-0.18.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      guestfs-data-1.20.4-0.18.1
      guestfs-tools-1.20.4-0.18.1
      guestfsd-1.20.4-0.18.1
      libguestfs0-1.20.4-0.18.1


References:

   http://support.novell.com/security/cve/CVE-2013-4419.html
   https://bugzilla.novell.com/845720
   ?keywords=a62e0c01924fc90649fc00040b92d6ad

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org