SUSE-SU-2014:0254-1: moderate: Security update for SUSE Studio Onsite 1.3
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Feb 18 12:04:11 MST 2014
SUSE Security Update: Security update for SUSE Studio Onsite 1.3
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0254-1
Rating: moderate
References: #799639 #825240 #832483 #832807 #833086 #833349
#841953 #843548 #850443 #852095 #852166
Cross-References: CVE-2013-3712
Affected Products:
SUSE Studio Onsite 1.3
SUSE Studio Extension for System z 1.3
______________________________________________________________________________
An update that solves one vulnerability and has 10 fixes is
now available. It includes one version update.
Description:
This update provides SUSE Studio 1.3.6, including many
enhancements and bug fixes. The changes in detail are:
* #852166: Secret tokens are static as shipped.
(CVE-2013-3712)
* #833086: UEFI enabled images are not bootable outside
of testdrive.
* #833349: API: No ability to enable UEFI boot.
* #852095: Add sidebar message to SLE 10 images
mentioning LTSS.
* #799639: containment_do.sh: cmd_compress() produces
truncated tar files.
* #832807: System Z formats not updated after SP2->SP3
upgrade.
* #843548: System Z support introduced bug in
repository and template import.
* #850443: SLE 11 templates contain WebYaST
repositories by default.
* #825240: EC2 uploads stuck forever.
* #841953: Building VHD image for Microsoft reports
wrong image type in webhook.
* #832483: 2010 copyrights in Studio Runner views.
Security Issue references:
* CVE-2013-3712
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3712
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-susestudio-136-201312-8754
- SUSE Studio Extension for System z 1.3:
zypper in -t patch slestso13-susestudio-136-201312-8754
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.6]:
susestudio-1.3.6-0.17.2
susestudio-bundled-packages-1.3.6-0.17.2
susestudio-common-1.3.6-0.17.2
susestudio-runner-1.3.6-0.17.2
susestudio-sid-1.3.6-0.17.2
susestudio-ui-server-1.3.6-0.17.2
- SUSE Studio Extension for System z 1.3 (s390x) [New Version: 1.3.6]:
susestudio-common-1.3.6-0.17.2
susestudio-runner-1.3.6-0.17.2
susestudio-ui-server-1.3.6-0.17.2
References:
http://support.novell.com/security/cve/CVE-2013-3712.html
https://bugzilla.novell.com/799639
https://bugzilla.novell.com/825240
https://bugzilla.novell.com/832483
https://bugzilla.novell.com/832807
https://bugzilla.novell.com/833086
https://bugzilla.novell.com/833349
https://bugzilla.novell.com/841953
https://bugzilla.novell.com/843548
https://bugzilla.novell.com/850443
https://bugzilla.novell.com/852095
https://bugzilla.novell.com/852166
http://download.novell.com/patch/finder/?keywords=83886a3c3a522ebea6193c18f3b3896d
More information about the sle-security-updates
mailing list