SuSE Update For Fixes OpenSUSE-SU-2013:1961-1 (Fixes) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit)

Affected

Fixes on openSUSE 13.1

References

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3709

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for icu
SLES10: Security update for epiphany
SLES10: Security update for IBM Java 1.5.0
SLES10: Security update for IBM Java 5
SLES10: Security update for kdegraphics3

SuSE Update for Fixes openSUSE-SU-2013:1961-1 (Fixes)

Take action and discover your vulnerabilities