Security update for webyast (important)

2013-12-1619:04:14

lists.opensuse.org

EPSS

0.001

Percentile

16.0%

JSON

The following security issue has been fixed:

CVE-2013-3709: webyast: local privilege escalation
via secret rails tokens execution. This vulnerability was
reported by joernchen of Phenoelit.

OSVersionArchitecturePackageVersionFilename
SUSE Lifecycle Management Server1.3noarchwebyast-base< 0.3.43.1-0.5.1webyast-base-0.3.43.1-0.5.1.noarch.rpm
WebYaST1.3noarchwebyast-base-branding-default< 0.3.43.1-0.5.1webyast-base-branding-default-0.3.43.1-0.5.1.noarch.rpm
SUSE Studio Onsite1.3noarchwebyast-base< 0.3.43.1-0.5.1webyast-base-0.3.43.1-0.5.1.noarch.rpm
WebYaST1.3noarchwebyast-base< 0.3.43.1-0.5.1webyast-base-0.3.43.1-0.5.1.noarch.rpm
SUSE Lifecycle Management Server1.3noarchwebyast-base-branding-default< 0.3.43.1-0.5.1webyast-base-branding-default-0.3.43.1-0.5.1.noarch.rpm
SUSE Studio Onsite1.3noarchwebyast-base-branding-default< 0.3.43.1-0.5.1webyast-base-branding-default-0.3.43.1-0.5.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Lifecycle Management Server	1.3	noarch	webyast-base	< 0.3.43.1-0.5.1	webyast-base-0.3.43.1-0.5.1.noarch.rpm
WebYaST	1.3	noarch	webyast-base-branding-default	< 0.3.43.1-0.5.1	webyast-base-branding-default-0.3.43.1-0.5.1.noarch.rpm
SUSE Studio Onsite	1.3	noarch	webyast-base	< 0.3.43.1-0.5.1	webyast-base-0.3.43.1-0.5.1.noarch.rpm
WebYaST	1.3	noarch	webyast-base	< 0.3.43.1-0.5.1	webyast-base-0.3.43.1-0.5.1.noarch.rpm
SUSE Lifecycle Management Server	1.3	noarch	webyast-base-branding-default	< 0.3.43.1-0.5.1	webyast-base-branding-default-0.3.43.1-0.5.1.noarch.rpm
SUSE Studio Onsite	1.3	noarch	webyast-base-branding-default	< 0.3.43.1-0.5.1	webyast-base-branding-default-0.3.43.1-0.5.1.noarch.rpm