Fixed CVE-2013-3709: make the secret token file
(secret_token.rb) readable only for the webyast user to
avoid forging the session cookie (bnc#851116)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 12.3 | noarch | webyast-base | < 0.3.43.1-1.4.1 | webyast-base-0.3.43.1-1.4.1.noarch.rpm |
openSUSE | 12.3 | noarch | webyast-base-testsuite | < 0.3.43.1-1.4.1 | webyast-base-testsuite-0.3.43.1-1.4.1.noarch.rpm |
openSUSE | 12.3 | noarch | webyast-base-branding-default | < 0.3.43.1-1.4.1 | webyast-base-branding-default-0.3.43.1-1.4.1.noarch.rpm |