openSUSE Security Update : filezilla (openSUSE-SU-2013:1347-1)

Medium Nessus Plugin ID 75120


The remote openSUSE host is missing a security update.


FileZilla was updated to version 3.7.3 to add various features, fix bugs, and fix security issues in the embedded PuTTY SSH client.

Full changelog:

- Noteworthy changes :

- Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4852 for reference.

- Merge further fixes from PuTTY to address CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

- Version bump to

- Fix issues with bundled gnutls

- Update translations

- Update to version 3.7.0. Changes since :

- Show total transfer speed as tooltip over the transfer indicators

- List supported protocols in tooltip of host field in quickconnect bar

- Use TLS instead of the deprecated term SSL

- Reworded text when saving of passwords is disabled, do not refer to kiosk mode

- Improved usability of Update page in settings dialog

- Improve SFTP performance

- When navigating to the parent directory, highlight the former child

- When editing files, use high priority for the transfers

- Add label to size conditions in filter conditions dialog indicating that the unit is bytes

- Ignore drag&drop operations where source and target are identical and clarify the wording in some drop error cases

- Trim whitespace from the entered port numbers

- Slightly darker color of inactive tabs

- Ignore .. item in the file list context menus if multiple items are selected

- Display TLS version and key exchange algorithm in certificate and encryption details dialog for FTP over TLS connections.

- Fix handling of remote paths containing double-quotes

- Fix crash when opening local directories in Explorer if the name contained characters not representable in the locale's narrow-width character set.

- Fix a memory leak in the host key verification dialog for SFTP

- Fix drag-scrolling in file lists with very low height

- Don't attempt writing XML files upon loading them

- Improve handling of legacy DDE file associations

- Fix handling of HTTPS in the auto updater in case a mirror redirects to HTTPS

- Update to version Changes since 3.5.3 :

- (2012-11-29)

- Fix problems with stalling FTP over TLS uploads

- MSW: Minor performance increase listing local files

- (2012-11-18)

- Fix problems with TLS cipher selection, including a bugfix for GnuTLS

- Fix a crash on shutdown

- Add log message for servers not using UTF-8

- Small performance and memory optimizations getting file types

- Improve formatting of transfer speeds

- 3.6.0 (2012-11-10)

- Fix a crash introduced since 3.5.3

- IPv6-only hosts should no longer cause a crash in the network configuration wizard


Update the affected filezilla packages.

Plugin Details

Severity: Medium

ID: 75120

File Name: openSUSE-2013-650.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2016/05/20

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:filezilla, p-cpe:/a:novell:opensuse:filezilla-debuginfo, p-cpe:/a:novell:opensuse:filezilla-debugsource, p-cpe:/a:novell:opensuse:filezilla-lang, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/08/09

Reference Information

CVE: CVE-2013-4206, CVE-2013-4207, CVE-2013-4208, CVE-2013-4852

OSVDB: 95970, 96080, 96081, 96210