openSUSE Security Update : filezilla (openSUSE-SU-2013:1347-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

FileZilla was updated to version 3.7.3 to add various features, fix
bugs, and address security issues in the embedded PuTTY SSH client.

Full changelog:

- Noteworthy changes :

- Apply a fix for a security vulnerability in PuTTY as
used in FileZilla to handle SFTP. See CVE-2013-4852 for

- Merge further fixes from PuTTY to address CVE-2013-4206,
CVE-2013-4207, CVE-2013-4208

- Version bump to

- Fix issues with bundled gnutls

- Update translations

- Update to version 3.7.0. Changes since :

- Show total transfer speed as tooltip over the transfer

- List supported protocols in tooltip of host field in
quickconnect bar

- Use TLS instead of the deprecated term SSL

- Reworded text when saving of passwords is disabled, do
not refer to kiosk mode

- Improved usability of Update page in settings dialog

- Improve SFTP performance

- When navigating to the parent directory, highlight the
former child

- When editing files, use high priority for the transfers

- Add label to size conditions in filter conditions dialog
indicating that the unit is bytes

- Ignore drag&drop operations where source and target are
identical and clarify the wording in some drop error

- Trim whitespace from the entered port numbers

- Slightly darker color of inactive tabs

- Ignore .. item in the file list context menus if
multiple items are selected

- Display TLS version and key exchange algorithm in
certificate and encryption details dialog for FTP over
TLS connections.

- Fix handling of remote paths containing double-quotes

- Fix crash when opening local directories in Explorer if
the name contained characters not representable in the
locale's narrow-width character set.

- Fix a memory leak in the host key verification dialog
for SFTP

- Fix drag-scrolling in file lists with very low height

- Don't attempt writing XML files upon loading them

- Improve handling of legacy DDE file associations

- Fix handling of HTTPS in the auto updater in case a
mirror redirects to HTTPS

- Update to version Changes since 3.5.3 :

- (2012-11-29)

- Fix problems with stalling FTP over TLS uploads

- MSW: Minor performance increase listing local files

- (2012-11-18)

- Fix problems with TLS cipher selection, including a
bugfix for GnuTLS

- Fix a crash on shutdown

- Add log message for servers not using UTF-8

- Small performance and memory optimizations getting file

- Improve formatting of transfer speeds

- 3.6.0 (2012-11-10)

- Fix a crash introduced since 3.5.3

- IPv6-only hosts should no longer cause a crash in the
network configuration wizard

See also :

Solution :

Update the affected filezilla packages.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 75120

Bugtraq ID:

CVE ID: CVE-2013-4206
