You are here
Home > Preporuke > Ranjivost komponente WebYaST

Ranjivost komponente WebYaST

SUSE Security Update: Security update for WebYaST
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0022-1
Rating: important
References: #851116
Cross-References: CVE-2013-3709
Affected Products:
WebYaST 1.2
______________________________________________________________________________

An update that fixes one vulnerability is now available. It
includes one version update.

Description:

In the past WebYAST was installed with world readable
secret tokens. Although these were modified on the start
of the webyast service and so could not be read from
remote, it was possible for local attackers on the same
machine to read the secrets and so gain local root access
via the webyast services. This has been fixed.
(CVE-2013-3709)

Security Issue reference:

* CVE-2013-3709
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3709
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– WebYaST 1.2:

zypper in -t patch slewyst12-webyast-base-ui-8706

To bring your system up-to-date, use “zypper patch”.

Package List:

– WebYaST 1.2 (noarch) [New Version: 0.2.64]:

webyast-base-ui-0.2.64-0.3.1
webyast-base-ui-branding-default-0.2.64-0.3.1
webyast-base-ui-testsuite-0.2.64-0.3.1

References:

http://support.novell.com/security/cve/CVE-2013-3709.html
https://bugzilla.novell.com/851116
http://download.novell.com/patch/finder/?keywords=af7e4362e22d530ab6e447346f0afdfb


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa devscripts

Otkriven je sigurnosni nedostatak u programskom paketu devscripts. Otkriveni nedostatak se javalja u radu alata uscan i potencijalnim napadačima omogućuju...

Close