Mailinglist Archive: opensuse-updates (58 mails)

< Previous Next >
openSUSE-SU-2013:1347-1: moderate: filezilla: 3.7.3 version and security bugfix update
openSUSE Security Update: filezilla: 3.7.3 version and security bugfix update

Announcement ID: openSUSE-SU-2013:1347-1
Rating: moderate
References: #834202
Cross-References: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208
Affected Products:
openSUSE 12.3
openSUSE 12.2

An update that fixes four vulnerabilities is now available.


FileZilla was updated to version 3.7.3 to add various
features, fix bugs and also security issues in the embedded
putty ssh client.

Full changelog:
- Noteworthy changes:
* Apply a fix for a security vulnerability in PuTTY as
used in FileZilla to handle SFTP. See CVE-2013-4852 for
* Merge further fixes from PuTTY to address
CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

- Version bump to
- Fix issues with bundled gnutls
- Update translations

- Update to version 3.7.0. Changes since
- Show total transfer speed as tooltip over the transfer
- List supported protocols in tooltip of host field in
quickconnect bar
- Use TLS instead of the deprecated term SSL
- Reworded text when saving of passwords is disabled, do
not refer to kiosk mode
- Improved usability of Update page in settings dialog
- Improve SFTP performance
- When navigating to the parent directory, highlight the
former child
- When editing files, use high priority for the transfers
- Add label to size conditions in filter conditions
dialog indicating that the unit is bytes
- Ignore drag&drop operations where source and target are
identical and clarify the wording in some drop error
- Trim whitespace from the entered port numbers
- Slightly darker color of inactive tabs
- Ignore .. item in the file list context menus if
multiple items are selected
- Display TLS version and key exchange algorithm in
certificate and encryption details dialog for FTP over
TLS connections.
- Fix handling of remote paths containing double-quotes
- Fix crash when opening local directories in Explorer if
the name contained characters not representable in the
locale's narrow-width character set.
- Fix a memory leak in the host key verification dialog
for SFTP
- Fix drag-scrolling in file lists with very low height
- Don't attempt writing XML files upon loading them
- Improve handling of legacy DDE file associations
- Fix handling of HTTPS in the auto updater in case a
mirror redirects to HTTPS

- Update to version Changes since 3.5.3:
- (2012-11-29)
* Fix problems with stalling FTP over TLS uploads
* MSW: Minor performance increase listing local files
- (2012-11-18)
* Fix problems with TLS cipher selection, including a
bugfix for GnuTLS
* Fix a crash on shutdown
* Add log message for servers not using UTF-8
* Small performance and memory optimizations getting
file types
* Improve formatting of transfer speeds
- 3.6.0 (2012-11-10)
* Fix a crash introduced since 3.5.3
* IPv6-only hosts should no longer cause a crash in the
network configuration wizard

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-650

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-650

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.3 (i586 x86_64):


- openSUSE 12.3 (noarch):


- openSUSE 12.2 (i586 x86_64):


- openSUSE 12.2 (noarch):



< Previous Next >
This Thread
  • No further messages