Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

SUSE: 2014:1339-1 Important: Cross-Site Scripting Issues in Spacewalk-Java

suse
Calendar Grey October 31, 2014
Dist Suse Esm H88
SUSE Security Patch for spacewalk-java addresses severe XSS vulnerabilities in SUSE Manager. Implement the patch immediately!
An update that fixes two vulnerabilities is now available

Summary

This update fixes various cross-site scripting (XSS) issues in spacewalk-java. CVE-2014-3654 and CVE-2014-3595 have been assigned to these issues. Security Issues: * CVE-2014-3654 * CVE-2014-3595 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-spacewalk-java-9909 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.33]: spacewalk-java-1.7.54.33-0.5.1

Topics%20covered

Topics Covered

security advisory critical cross-site scripting important SUSE Manager SLE 11 spacewalk-java

References

#896012 #902182

Cross- CVE-2014-3595 CVE-2014-3654

Affected Products:

SUSE Manager 1.7 for SLE 11 SP2

https://www.suse.com/security/cve/CVE-2014-3595.html

https://www.suse.com/security/cve/CVE-2014-3654.html

https://bugzilla.suse.com/show_bug.cgi?id=896012

https://bugzilla.suse.com/show_bug.cgi?id=902182

https://scc.suse.com:443/patches/

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2014:1339-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical cross-site scripting important SUSE Manager SLE 11 spacewalk-java

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here