SUSE-SU-2013:1813-1: Security update for SLMS

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Dec 3 17:04:27 MST 2013 

   SUSE Security Update: Security update for SLMS
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1813-1
Rating:             low
References:         #799218 #839419 #852101 
Cross-References:   CVE-2013-3710
Affected Products:
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available. It includes one version update.

Description:


   This update for SLMS provides the following fixes:

   * Always generate secret key if default one from git is
   used and ensure files containing keys are readable only by
   SLMS. (CVE-2013-3710)
   * Fix valid appliance handling in studio APIv2 which
   return 404 instead of 400.
   * Fix grammar in error message.
   * NetIQ migration L3 fixes: o Fix injecting metadata
   into repodata o Fixed wrong namespace in injecting metadata
   o Prevent oversized logs when log xmlling output o Fix
   crash for download in chunk as it's object doesn't have
   even empty method o Fix crash if additional package is
   inconsistently added and not included in appliance anymore.

   Security Issues:

   * CVE-2013-3710
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3710
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-slms-8586

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.7]:

      slms-1.3.7-0.5.1
      slms-core-1.3.7-0.5.1
      slms-customer-center-1.3.7-0.5.1
      slms-devel-doc-1.3.7-0.5.1
      slms-external-1.3.7-0.5.1
      slms-registration-1.3.7-0.5.1
      slms-testsuite-1.3.7-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2013-3710.html
   https://bugzilla.novell.com/799218
   https://bugzilla.novell.com/839419
   https://bugzilla.novell.com/852101
   http://download.novell.com/patch/finder/?keywords=737458eaeb41721b046145a5f89dac3e

More information about the sle-security-updates mailing list