   SUSE Security Update: Security update for spacewalk-java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1661-1
Rating:             critical
References:         #848639 
Cross-References:   CVE-2013-4480
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:


   This update fixes an admin user dialog problem in
   spacewalk. The "add new  admin user" functionality didn't
   get disabled after it was used. So after  install/adding
   the first admin user anyone could have added additional
   admin users.

   Security Issue reference:

   * CVE-2013-4480
   


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-spacewalk-java-8506

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.28]:

      spacewalk-java-1.7.54.28-0.9.1
      spacewalk-java-config-1.7.54.28-0.9.1
      spacewalk-java-lib-1.7.54.28-0.9.1
      spacewalk-java-oracle-1.7.54.28-0.9.1
      spacewalk-java-postgresql-1.7.54.28-0.9.1
      spacewalk-taskomatic-1.7.54.28-0.9.1


References:

   https://www.suse.com/security/cve/CVE-2013-4480.html
   https://bugzilla.novell.com/848639
   https://login.microfocus.com/nidp/app/login

SuSE: 2013:1661-1: critical: spacewalk-java

November 12, 2013

An update that fixes one vulnerability is now available

Summary

This update fixes an admin user dialog problem in spacewalk. The "add new admin user" functionality didn't get disabled after it was used. So after install/adding the first admin user anyone could have added additional admin users. Security Issue reference: * CVE-2013-4480 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-spacewalk-java-8506 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.28]: spacewalk-java-1.7.54.28-0.9.1 spacewalk-java-config-1.7.54.28-0.9.1 spacewalk-java-lib-1.7.54.28-0.9.1 spacewalk-java-oracle-1.7.54.28-0.9.1 spacewalk-java-postgresql-1.7.54.28-0.9.1 spacewalk-taskomatic-1.7.54.28-0.9.1

References

#848639

Cross- CVE-2013-4480

Affected Products:

SUSE Manager 1.7 for SLE 11 SP2

https://www.suse.com/security/cve/CVE-2013-4480.html

https://bugzilla.novell.com/848639

https://login.microfocus.com/nidp/app/login

Severity

Announcement ID: SUSE-SU-2013:1661-1

Rating: critical

Related News

19.Laptop Bed Esm H170

Microsoft Reveals Recent Changes & Security Improvements in Windows Subsystem for Linux (WSL)

2 - 4 min read

May 31, 2024

WSL (Windows Subsystem for Linux) , Microsoft's network security toolkit that allows users to run Linux natively on Windows without needing a

11.Locks IsometricPattern Esm H170

New Research Reveals Linux Vulnerability Exploitation Has Doubled

3 - 6 min read

May 31, 2024

Recently conducted research by Kaspersky indicates an alarming rise in cyberattacks using exploits against Linux systems. Data from Kaspersky

32.Lock Code Circular Esm H170

Gomir Linux Backdoor Deployed by Kimsuky APT in South Korean Cyberattacks

1 - 2 min read

May 30, 2024

The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its

6.EmailConnection Touch Esm H170

Thunderbird, Firefox DoS, Info Disclosure Vulns Fixed in Ubuntu and Debian

2 - 3 min read

May 30, 2024

Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and

19.Laptop Bed Esm H170

Critical Security Update for Google Chrome Mitigates Data Loss, Full System Compromise

2 - 3 min read

May 30, 2024

The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw enabling remote attackers to execute arbitrary

20.Lock AbstractDigital Circular Esm H170

CISA Adds New Chromium Zero-Day Bug to its Known Exploited Vulnerability Catalog

2 - 3 min read

May 29, 2024

Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other

20.Lock AbstractDigital Circular Esm H170

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

1 - 2 min read

May 28, 2024

The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2). These vulnerabilities

28.Lock Globe Esm H170

Exploring the Central Role of Linux in Quantum Computing

2 - 3 min read

May 26, 2024

The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved