SUSE-SU-2013:1813-1: Security update for SLMS

sle-updates at sle-updates at
Tue Dec 3 17:04:27 MST 2013

   SUSE Security Update: Security update for SLMS

Announcement ID:    SUSE-SU-2013:1813-1
Rating:             low
References:         #799218 #839419 #852101 
Cross-References:   CVE-2013-3710
Affected Products:
                    SUSE Lifecycle Management Server 1.3

   An update that solves one vulnerability and has two fixes
   is now available. It includes one version update.


   This update for SLMS provides the following fixes:

   * Always generate secret key if default one from git is
   used and ensure files containing keys are readable only by
   SLMS. (CVE-2013-3710)
   * Fix valid appliance handling in studio APIv2 which
   return 404 instead of 400.
   * Fix grammar in error message.
   * NetIQ migration L3 fixes: o Fix injecting metadata
   into repodata o Fixed wrong namespace in injecting metadata
   o Prevent oversized logs when log xmlling output o Fix
   crash for download in chunk as it's object doesn't have
   even empty method o Fix crash if additional package is
   inconsistently added and not included in appliance anymore.

   Security Issues:

   * CVE-2013-3710

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-slms-8586

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.7]:



More information about the sle-updates mailing list