Security update for SUSE Studio Onsite 1.3
   SUSE Security Update: Security update for SUSE Studio Onsite 1.3
  
This update provides SUSE Studio 1.3.6, including many
enhancements and bug fixes. The changes in detail are:
* #852166: Secret tokens are static as shipped.
(CVE-2013-3712)
* #833086: UEFI enabled images are not bootable outside
of testdrive.
* #833349: API: No ability to enable UEFI boot.
* #852095: Add sidebar message to SLE 10 images
mentioning LTSS.
* #799639: containment_do.sh: cmd_compress() produces
truncated tar files.
* #832807: System Z formats not updated after SP2->SP3
upgrade.
* #843548: System Z support introduced bug in
repository and template import.
* #850443: SLE 11 templates contain WebYaST
repositories by default.
* #825240: EC2 uploads stuck forever.
* #841953: Building VHD image for Microsoft reports
wrong image type in webhook.
* #832483: 2010 copyrights in Studio Runner views.
Security Issue references:
* CVE-2013-3712
| Announcement ID: | SUSE-SU-2014:0254-1 | 
| Rating: | moderate | 
| References: | #799639 #825240 #832483 #832807 #833086 #833349 #841953 #843548 #850443 #852095 #852166 | 
| Affected Products: | 
An update that solves one vulnerability and has 10 fixes is now available. It includes one version update.
Description:
This update provides SUSE Studio 1.3.6, including many
enhancements and bug fixes. The changes in detail are:
* #852166: Secret tokens are static as shipped.
(CVE-2013-3712)
* #833086: UEFI enabled images are not bootable outside
of testdrive.
* #833349: API: No ability to enable UEFI boot.
* #852095: Add sidebar message to SLE 10 images
mentioning LTSS.
* #799639: containment_do.sh: cmd_compress() produces
truncated tar files.
* #832807: System Z formats not updated after SP2->SP3
upgrade.
* #843548: System Z support introduced bug in
repository and template import.
* #850443: SLE 11 templates contain WebYaST
repositories by default.
* #825240: EC2 uploads stuck forever.
* #841953: Building VHD image for Microsoft reports
wrong image type in webhook.
* #832483: 2010 copyrights in Studio Runner views.
Security Issue references:
* CVE-2013-3712
Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
 zypper in -t patch slestso13-susestudio-136-201312-8754
- SUSE Studio Extension for System z 1.3:
 zypper in -t patch slestso13-susestudio-136-201312-8754
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.6]:
- susestudio-1.3.6-0.17.2
- susestudio-bundled-packages-1.3.6-0.17.2
- susestudio-common-1.3.6-0.17.2
- susestudio-runner-1.3.6-0.17.2
- susestudio-sid-1.3.6-0.17.2
- susestudio-ui-server-1.3.6-0.17.2
- SUSE Studio Extension for System z 1.3 (s390x) [New Version: 1.3.6]:
- susestudio-common-1.3.6-0.17.2
- susestudio-runner-1.3.6-0.17.2
- susestudio-ui-server-1.3.6-0.17.2
References:
- http://support.novell.com/security/cve/CVE-2013-3712.html
- https://bugzilla.novell.com/799639
- https://bugzilla.novell.com/825240
- https://bugzilla.novell.com/832483
- https://bugzilla.novell.com/832807
- https://bugzilla.novell.com/833086
- https://bugzilla.novell.com/833349
- https://bugzilla.novell.com/841953
- https://bugzilla.novell.com/843548
- https://bugzilla.novell.com/850443
- https://bugzilla.novell.com/852095
- https://bugzilla.novell.com/852166
- http://download.novell.com/patch/finder/?keywords=83886a3c3a522ebea6193c18f3b3896d