SUSE Security Update: Security update for spacewalk-java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1339-1
Rating:             important
References:         #896012 #902182 
Cross-References:   CVE-2014-3595 CVE-2014-3654
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:


   This update fixes various cross-site scripting (XSS) issues in
   spacewalk-java. CVE-2014-3654 and CVE-2014-3595 have been assigned to
   these issues.

   Security Issues:

       * CVE-2014-3654
         
       * CVE-2014-3595
         

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-spacewalk-java-9909

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.33]:

      spacewalk-java-1.7.54.33-0.5.1
      spacewalk-java-config-1.7.54.33-0.5.1
      spacewalk-java-lib-1.7.54.33-0.5.1
      spacewalk-java-oracle-1.7.54.33-0.5.1
      spacewalk-java-postgresql-1.7.54.33-0.5.1
      spacewalk-taskomatic-1.7.54.33-0.5.1


References:

   https://support.novell.com/security/cve/CVE-2014-3595.html
   https://support.novell.com/security/cve/CVE-2014-3654.html
   https://bugzilla.suse.com/show_bug.cgi?id=896012
   https://bugzilla.suse.com/show_bug.cgi?id=902182
   https://download.suse.com/patch/finder/?keywords=93c795b3574d176f0dde9827573343c1

SuSE: 2014:1339-1: important: spacewalk-java

October 31, 2014
An update that fixes two vulnerabilities is now available

Summary

This update fixes various cross-site scripting (XSS) issues in spacewalk-java. CVE-2014-3654 and CVE-2014-3595 have been assigned to these issues. Security Issues: * CVE-2014-3654 * CVE-2014-3595 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-spacewalk-java-9909 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.54.33]: spacewalk-java-1.7.54.33-0.5.1 spacewalk-java-config-1.7.54.33-0.5.1 spacewalk-java-lib-1.7.54.33-0.5.1 spacewalk-java-oracle-1.7.54.33-0.5.1 spacewalk-java-postgresql-1.7.54.33-0.5.1 spacewalk-taskomatic-1.7.54.33-0.5.1

References

#896012 #902182

Cross- CVE-2014-3595 CVE-2014-3654

Affected Products:

SUSE Manager 1.7 for SLE 11 SP2

https://support.novell.com/security/cve/CVE-2014-3595.html

https://support.novell.com/security/cve/CVE-2014-3654.html

https://bugzilla.suse.com/show_bug.cgi?id=896012

https://bugzilla.suse.com/show_bug.cgi?id=902182

https://download.suse.com/patch/finder/?keywords=93c795b3574d176f0dde9827573343c1

Severity
Announcement ID: SUSE-SU-2014:1339-1
Rating: important