SUSE-SU-2014:1339-1: important: Security update for spacewalk-java

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Oct 31 11:05:07 MDT 2014


   SUSE Security Update: Security update for spacewalk-java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1339-1
Rating:             important
References:         #896012 #902182 
Cross-References:   CVE-2014-3595 CVE-2014-3654
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:


   This update fixes various cross-site scripting (XSS) issues in
   spacewalk-java. CVE-2014-3654 and CVE-2014-3595 have been assigned to
   these issues.

   Security Issues:

       * CVE-2014-3654
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3654>
       * CVE-2014-3595
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3595>

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-spacewalk-java-9909

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.33]:

      spacewalk-java-1.7.54.33-0.5.1
      spacewalk-java-config-1.7.54.33-0.5.1
      spacewalk-java-lib-1.7.54.33-0.5.1
      spacewalk-java-oracle-1.7.54.33-0.5.1
      spacewalk-java-postgresql-1.7.54.33-0.5.1
      spacewalk-taskomatic-1.7.54.33-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2014-3595.html
   http://support.novell.com/security/cve/CVE-2014-3654.html
   https://bugzilla.suse.com/show_bug.cgi?id=896012
   https://bugzilla.suse.com/show_bug.cgi?id=902182
   http://download.suse.com/patch/finder/?keywords=93c795b3574d176f0dde9827573343c1



More information about the sle-updates mailing list