Security update for SLMS
SUSE Security Update: Security update for SLMS
This update for SLMS provides the following fixes:
* Always generate secret key if default one from git is
used and ensure files containing keys are readable only by
SLMS. (CVE-2013-3710)
* Fix valid appliance handling in studio APIv2 which
return 404 instead of 400.
* Fix grammar in error message.
* NetIQ migration L3 fixes: o Fix injecting metadata
into repodata o Fixed wrong namespace in injecting metadata
o Prevent oversized logs when log xmlling output o Fix
crash for download in chunk as it's object doesn't have
even empty method o Fix crash if additional package is
inconsistently added and not included in appliance anymore.
Security Issues:
* CVE-2013-3710
>
| Announcement ID: | SUSE-SU-2013:1813-1 |
| Rating: | low |
| References: | #799218 #839419 #852101 |
| Affected Products: |
An update that solves one vulnerability and has two fixes is now available. It includes one version update.
Description:
This update for SLMS provides the following fixes:
* Always generate secret key if default one from git is
used and ensure files containing keys are readable only by
SLMS. (CVE-2013-3710)
* Fix valid appliance handling in studio APIv2 which
return 404 instead of 400.
* Fix grammar in error message.
* NetIQ migration L3 fixes: o Fix injecting metadata
into repodata o Fixed wrong namespace in injecting metadata
o Prevent oversized logs when log xmlling output o Fix
crash for download in chunk as it's object doesn't have
even empty method o Fix crash if additional package is
inconsistently added and not included in appliance anymore.
Security Issues:
* CVE-2013-3710
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Lifecycle Management Server 1.3:
zypper in -t patch sleslms13-slms-8586
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.7]:
- slms-1.3.7-0.5.1
- slms-core-1.3.7-0.5.1
- slms-customer-center-1.3.7-0.5.1
- slms-devel-doc-1.3.7-0.5.1
- slms-external-1.3.7-0.5.1
- slms-registration-1.3.7-0.5.1
- slms-testsuite-1.3.7-0.5.1
References:
- http://support.novell.com/security/cve/CVE-2013-3710.html
- https://bugzilla.novell.com/799218
- https://bugzilla.novell.com/839419
- https://bugzilla.novell.com/852101
- http://download.suse.com/patch/finder/?keywords=737458eaeb41721b046145a5f89dac3e