SUSE-SU-2014:0254-1: moderate: Security update for SUSE Studio Onsite 1.3

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Feb 18 12:04:11 MST 2014


   SUSE Security Update: Security update for SUSE Studio Onsite 1.3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0254-1
Rating:             moderate
References:         #799639 #825240 #832483 #832807 #833086 #833349 
                    #841953 #843548 #850443 #852095 #852166 
Cross-References:   CVE-2013-3712
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Studio Extension for System z 1.3
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is
   now available. It includes one version update.

Description:


   This update provides SUSE Studio 1.3.6, including many
   enhancements and bug  fixes. The changes in detail are:

   * #852166: Secret tokens are static as shipped.
   (CVE-2013-3712)
   * #833086: UEFI enabled images are not bootable outside
   of testdrive.
   * #833349: API: No ability to enable UEFI boot.
   * #852095: Add sidebar message to SLE 10 images
   mentioning LTSS.
   * #799639: containment_do.sh: cmd_compress() produces
   truncated tar files.
   * #832807: System Z formats not updated after SP2->SP3
   upgrade.
   * #843548: System Z support introduced bug in
   repository and template import.
   * #850443: SLE 11 templates contain WebYaST
   repositories by default.
   * #825240: EC2 uploads stuck forever.
   * #841953: Building VHD image for Microsoft reports
   wrong image type in webhook.
   * #832483: 2010 copyrights in Studio Runner views.

   Security Issue references:

   * CVE-2013-3712
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3712
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-susestudio-136-201312-8754

   - SUSE Studio Extension for System z 1.3:

      zypper in -t patch slestso13-susestudio-136-201312-8754

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.6]:

      susestudio-1.3.6-0.17.2
      susestudio-bundled-packages-1.3.6-0.17.2
      susestudio-common-1.3.6-0.17.2
      susestudio-runner-1.3.6-0.17.2
      susestudio-sid-1.3.6-0.17.2
      susestudio-ui-server-1.3.6-0.17.2

   - SUSE Studio Extension for System z 1.3 (s390x) [New Version: 1.3.6]:

      susestudio-common-1.3.6-0.17.2
      susestudio-runner-1.3.6-0.17.2
      susestudio-ui-server-1.3.6-0.17.2


References:

   http://support.novell.com/security/cve/CVE-2013-3712.html
   https://bugzilla.novell.com/799639
   https://bugzilla.novell.com/825240
   https://bugzilla.novell.com/832483
   https://bugzilla.novell.com/832807
   https://bugzilla.novell.com/833086
   https://bugzilla.novell.com/833349
   https://bugzilla.novell.com/841953
   https://bugzilla.novell.com/843548
   https://bugzilla.novell.com/850443
   https://bugzilla.novell.com/852095
   https://bugzilla.novell.com/852166
   http://download.novell.com/patch/finder/?keywords=83886a3c3a522ebea6193c18f3b3896d



More information about the sle-updates mailing list