Jump to content
Compatible Support Forums
Sign in to follow this  

[security-announce] SUSE-SU-2013:0053-1: important: Security update for WebYaST

Recommended Posts

SUSE Security Update: Security update for WebYaST



Announcement ID: SUSE-SU-2013:0053-1

Rating: important

References: #792712

Cross-References: CVE-2012-0435

Affected Products:

WebYaST 1.2

SUSE Studio Standard Edition 1.2



An update that fixes one vulnerability is now available. It

includes one version update.





The hosts list used by WebYaST for connecting to it's back

end part was modifiable allowing to point to a malicious

website which then could access all values sent by WebYaST.


The /host configuration path was removed to fix this issue.


Security Issue reference:


* CVE-2012-0435




Patch Instructions:


To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:


- WebYaST 1.2:


zypper in -t patch slewyst12-webyast-base-ui-7236


- SUSE Studio Standard Edition 1.2:


zypper in -t patch sleslms12-webyast-base-ui-7236


To bring your system up-to-date, use "zypper patch".



Package List:


- WebYaST 1.2 (noarch) [New Version: 0.2.63]:






- SUSE Studio Standard Edition 1.2 (noarch) [New Version: 0.2.63]:












To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org




Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this