Mailinglist Archive: opensuse-security-announce (16 mails)

< Previous Next >
[security-announce] SUSE-SU-2013:1894-1: important: Security update for webyast
SUSE Security Update: Security update for webyast

Announcement ID: SUSE-SU-2013:1894-1
Rating: important
References: #851116
Cross-References: CVE-2013-3709
Affected Products:
WebYaST 1.3
SUSE Studio Onsite 1.3
SUSE Lifecycle Management Server 1.3

An update that fixes one vulnerability is now available. It
includes one version update.


The following security issue has been fixed:

* CVE-2013-3709: webyast: local privilege escalation
via secret rails tokens execution. This vulnerability was
reported by joernchen of Phenoelit.

Security Issue reference:

* CVE-2013-3709

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- WebYaST 1.3:

zypper in -t patch slewyst13-webyast-base-8608

- SUSE Studio Onsite 1.3:

zypper in -t patch slestso13-webyast-base-8608

- SUSE Lifecycle Management Server 1.3:

zypper in -t patch sleslms13-webyast-base-8608

To bring your system up-to-date, use "zypper patch".

Package List:

- WebYaST 1.3 (noarch) [New Version:]:


- SUSE Studio Onsite 1.3 (noarch) [New Version:]:


- SUSE Lifecycle Management Server 1.3 (noarch) [New Version:]:



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages