SUSE-SU-2013:1894-1: important: Security update for webyast

sle-updates at sle-updates at
Mon Dec 16 11:04:12 MST 2013

   SUSE Security Update: Security update for webyast

Announcement ID:    SUSE-SU-2013:1894-1
Rating:             important
References:         #851116 
Cross-References:   CVE-2013-3709
Affected Products:
                    WebYaST 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Lifecycle Management Server 1.3

   An update that fixes one vulnerability is now available. It
   includes one version update.


   The following security issue has been fixed:

   * CVE-2013-3709: webyast: local privilege escalation
   via secret rails tokens execution. This vulnerability was
   reported by joernchen of Phenoelit.

   Security Issue reference:

   * CVE-2013-3709

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:

      zypper in -t patch slewyst13-webyast-base-8608

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-webyast-base-8608

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-webyast-base-8608

   To bring your system up-to-date, use "zypper patch".

Package List:

   - WebYaST 1.3 (noarch) [New Version:]:


   - SUSE Studio Onsite 1.3 (noarch) [New Version:]:


   - SUSE Lifecycle Management Server 1.3 (noarch) [New Version:]:



More information about the sle-updates mailing list