openSUSE Security Update: filezilla: 3.7.3 version and security bugfix update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1347-1
Rating:             moderate
References:         #834202
Cross-References:   CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852
Affected Products:  openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
FileZilla was updated to version 3.7.3 to add various features, fix bugs, and fix security issues in the embedded PuTTY SSH client.
Full changelog: https://filezilla-project.org/changelog.php

- Noteworthy changes:
  * Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4852 for reference.
  * Merge further fixes from PuTTY to address CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

- Version bump to 18.104.22.168
  - Fix issues with bundled gnutls
  - Update translations
- Update to version 3.7.0. Changes since 22.214.171.124:
  - Show total transfer speed as tooltip over the transfer indicators
  - List supported protocols in tooltip of host field in quickconnect bar
  - Use TLS instead of the deprecated term SSL
  - Reworded text when saving of passwords is disabled, do not refer to kiosk mode
  - Improved usability of Update page in settings dialog
  - Improve SFTP performance
  - When navigating to the parent directory, highlight the former child
  - When editing files, use high priority for the transfers
  - Add label to size conditions in filter conditions dialog indicating that the unit is bytes
  - Ignore drag&drop operations where source and target are identical and clarify the wording in some drop error cases
  - Trim whitespace from the entered port numbers
  - Slightly darker color of inactive tabs
  - Ignore .. item in the file list context menus if multiple items are selected
  - Display TLS version and key exchange algorithm in certificate and encryption details dialog for FTP over TLS connections.
  - Fix handling of remote paths containing double-quotes
  - Fix crash when opening local directories in Explorer if the name contained characters not representable in the locale's narrow-width character set.
  - Fix a memory leak in the host key verification dialog for SFTP
  - Fix drag-scrolling in file lists with very low height
  - Don't attempt writing XML files upon loading them
  - Improve handling of legacy DDE file associations
  - Fix handling of HTTPS in the auto updater in case a mirror redirects to HTTPS
- Update to version 126.96.36.199. Changes since 3.5.3:
  - 188.8.131.52 (2012-11-29)
    * Fix problems with stalling FTP over TLS uploads
    * MSW: Minor performance increase listing local files
  - 184.108.40.206 (2012-11-18)
    * Fix problems with TLS cipher selection, including a bugfix for GnuTLS
    * Fix a crash on shutdown
    * Add log message for servers not using UTF-8
    * Small performance and memory optimizations getting file types
    * Improve formatting of transfer speeds
  - 3.6.0 (2012-11-10)
    * Fix a crash introduced since 3.5.3
    * IPv6-only hosts should no longer cause a crash in the network configuration wizard
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-650
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-650
To bring your system up-to-date, use "zypper patch".
- openSUSE 12.3 (i586 x86_64):
filezilla-3.7.3-5.4.1
filezilla-debuginfo-3.7.3-5.4.1
filezilla-debugsource-3.7.3-5.4.1
- openSUSE 12.3 (noarch):
- openSUSE 12.2 (i586 x86_64):
filezilla-3.7.3-3.4.1
filezilla-debuginfo-3.7.3-3.4.1
filezilla-debugsource-3.7.3-3.4.1
- openSUSE 12.2 (noarch):
http://support.novell.com/security/cve/CVE-2013-4206.html
http://support.novell.com/security/cve/CVE-2013-4207.html
http://support.novell.com/security/cve/CVE-2013-4208.html
http://support.novell.com/security/cve/CVE-2013-4852.html
https://bugzilla.novell.com/834202