SuSE Update For Fixes OpenSUSE-SU-2013:1961-1 (Fixes) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit)

Affected

Fixes on openSUSE 13.1

References

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3709
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for gecko-sdk and mozilla-xulrunner
SLES10: Security update for libxml2
SLES10: Security update for libtiff
SLES10: Security update for kdelibs3
SLES10: Security update for epiphany

SuSE Update for Fixes openSUSE-SU-2013:1961-1 (Fixes)

Take action and discover your vulnerabilities