The Spacewalk frontend displayed a log file without escaping its content,
allowing remote attackers to perform cross-site scripting (XSS) attacks
against the admin's session. (CVE-2014-3595)
Additionally, the following bug was fixed:
* Fixed package upgrade via SSM when using the Oracle DB as backend.
(bnc#889721)
Security Issues:
* CVE-2014-3595
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3595>

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
SUSE Manager Server | any | noarch | spacewalk-java-oracle | < 2.1.165.6-0.11.1 | spacewalk-java-oracle-2.1.165.6-0.11.1.noarch.rpm |
SUSE Manager Server | any | noarch | spacewalk-java-lib | < 2.1.165.6-0.11.1 | spacewalk-java-lib-2.1.165.6-0.11.1.noarch.rpm |
SUSE Manager Server | any | noarch | spacewalk-taskomatic | < 2.1.165.6-0.11.1 | spacewalk-taskomatic-2.1.165.6-0.11.1.noarch.rpm |
SUSE Manager Server | any | noarch | spacewalk-java | < 2.1.165.6-0.11.1 | spacewalk-java-2.1.165.6-0.11.1.noarch.rpm |
SUSE Manager Server | any | noarch | spacewalk-java-config | < 2.1.165.6-0.11.1 | spacewalk-java-config-2.1.165.6-0.11.1.noarch.rpm |
SUSE Manager Server | any | noarch | spacewalk-java-postgresql | < 2.1.165.6-0.11.1 | spacewalk-java-postgresql-2.1.165.6-0.11.1.noarch.rpm |