openSUSE Security Update : filezilla (openSUSE-SU-2013:1347-1)
Medium Nessus Plugin ID 75120
SynopsisThe remote openSUSE host is missing a security update.
DescriptionFileZilla was updated to version 3.7.3 to add various features, fix bugs and also security issues in the embedded putty ssh client.
Full changelog: https://filezilla-project.org/changelog.php
- Noteworthy changes :
- Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4852 for reference.
- Merge further fixes from PuTTY to address CVE-2013-4206, CVE-2013-4207, CVE-2013-4208
- Version bump to 220.127.116.11
- Fix issues with bundled gnutls
- Update translations
- Update to version 3.7.0. Changes since 18.104.22.168 :
- Show total transfer speed as tooltip over the transfer indicators
- List supported protocols in tooltip of host field in quickconnect bar
- Use TLS instead of the deprecated term SSL
- Reworded text when saving of passwords is disabled, do not refer to kiosk mode
- Improved usability of Update page in settings dialog
- Improve SFTP performance
- When navigating to the parent directory, highlight the former child
- When editing files, use high priority for the transfers
- Add label to size conditions in filter conditions dialog indicating that the unit is bytes
- Ignore drag&drop operations where source and target are identical and clarify the wording in some drop error cases
- Trim whitespace from the entered port numbers
- Slightly darker color of inactive tabs
- Ignore .. item in the file list context menus if multiple items are selected
- Display TLS version and key exchange algorithm in certificate and encryption details dialog for FTP over TLS connections.
- Fix handling of remote paths containing double-quotes
- Fix crash when opening local directories in Explorer if the name contained characters not representable in the locale's narrow-width character set.
- Fix a memory leak in the host key verification dialog for SFTP
- Fix drag-scrolling in file lists with very low height
- Don't attempt writing XML files upon loading them
- Improve handling of legacy DDE file associations
- Fix handling of HTTPS in the auto updater in case a mirror redirects to HTTPS
- Update to version 22.214.171.124. Changes since 3.5.3 :
- 126.96.36.199 (2012-11-29)
- Fix problems with stalling FTP over TLS uploads
- MSW: Minor performance increase listing local files
- 188.8.131.52 (2012-11-18)
- Fix problems with TLS cipher selection, including a bugfix for GnuTLS
- Fix a crash on shutdown
- Add log message for servers not using UTF-8
- Small performance and memory optimizations getting file types
- Improve formatting of transfer speeds
- 3.6.0 (2012-11-10)
- Fix a crash introduced since 3.5.3
- IPv6-only hosts should no longer cause a crash in the network configuration wizard
SolutionUpdate the affected filezilla packages.