Fixes a local vulnerability (important)

2013-12-25T18:04:15
ID OPENSUSE-SU-2013:1952-1
Type suse
Reporter Suse
Modified 2013-12-25T18:04:15

Description

Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116)