Mailinglist Archive: opensuse-updates (58 mails)

< Previous Next >
openSUSE-SU-2013:1347-1: moderate: filezilla: 3.7.3 version and security bugfix update
openSUSE Security Update: filezilla: 3.7.3 version and security bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1347-1
Rating: moderate
References: #834202
Cross-References: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208
CVE-2013-4852
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:


FileZilla was updated to version 3.7.3 to add various
features, fix bugs and also security issues in the embedded
putty ssh client.

Full changelog: https://filezilla-project.org/changelog.php
- Noteworthy changes:
* Apply a fix for a security vulnerability in PuTTY as
used in FileZilla to handle SFTP. See CVE-2013-4852 for
reference.
* Merge further fixes from PuTTY to address
CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

- Version bump to 3.7.0.1
- Fix issues with bundled gnutls
- Update translations

- Update to version 3.7.0. Changes since 3.6.0.2:
- Show total transfer speed as tooltip over the transfer
indicators
- List supported protocols in tooltip of host field in
quickconnect bar
- Use TLS instead of the deprecated term SSL
- Reworded text when saving of passwords is disabled, do
not refer to kiosk mode
- Improved usability of Update page in settings dialog
- Improve SFTP performance
- When navigating to the parent directory, highlight the
former child
- When editing files, use high priority for the transfers
- Add label to size conditions in filter conditions
dialog indicating that the unit is bytes
- Ignore drag&drop operations where source and target are
identical and clarify the wording in some drop error
cases
- Trim whitespace from the entered port numbers
- Slightly darker color of inactive tabs
- Ignore .. item in the file list context menus if
multiple items are selected
- Display TLS version and key exchange algorithm in
certificate and encryption details dialog for FTP over
TLS connections.
- Fix handling of remote paths containing double-quotes
- Fix crash when opening local directories in Explorer if
the name contained characters not representable in the
locale's narrow-width character set.
- Fix a memory leak in the host key verification dialog
for SFTP
- Fix drag-scrolling in file lists with very low height
- Don't attempt writing XML files upon loading them
- Improve handling of legacy DDE file associations
- Fix handling of HTTPS in the auto updater in case a
mirror redirects to HTTPS

- Update to version 3.6.0.2. Changes since 3.5.3:
- 3.6.0.2 (2012-11-29)
* Fix problems with stalling FTP over TLS uploads
* MSW: Minor performance increase listing local files
- 3.6.0.1 (2012-11-18)
* Fix problems with TLS cipher selection, including a
bugfix for GnuTLS
* Fix a crash on shutdown
* Add log message for servers not using UTF-8
* Small performance and memory optimizations getting
file types
* Improve formatting of transfer speeds
- 3.6.0 (2012-11-10)
* Fix a crash introduced since 3.5.3
* IPv6-only hosts should no longer cause a crash in the
network configuration wizard


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-650

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-650

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

filezilla-3.7.3-5.4.1
filezilla-debuginfo-3.7.3-5.4.1
filezilla-debugsource-3.7.3-5.4.1

- openSUSE 12.3 (noarch):

filezilla-lang-3.7.3-5.4.1

- openSUSE 12.2 (i586 x86_64):

filezilla-3.7.3-3.4.1
filezilla-debuginfo-3.7.3-3.4.1
filezilla-debugsource-3.7.3-3.4.1

- openSUSE 12.2 (noarch):

filezilla-lang-3.7.3-3.4.1


References:

http://support.novell.com/security/cve/CVE-2013-4206.html
http://support.novell.com/security/cve/CVE-2013-4207.html
http://support.novell.com/security/cve/CVE-2013-4208.html
http://support.novell.com/security/cve/CVE-2013-4852.html
https://bugzilla.novell.com/834202


< Previous Next >
This Thread
  • No further messages