openSUSE Security Update : filezilla (openSUSE-SU-2013:1347-1)

medium Nessus Plugin ID 75120

Synopsis

The remote openSUSE host is missing a security update.

Description

FileZilla was updated to version 3.7.3 to add various features, fix bugs, and fix security issues in the embedded PuTTY SSH client.

Full changelog: https://filezilla-project.org/changelog.php

- Noteworthy changes:

- Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4852 for reference.

- Merge further fixes from PuTTY to address CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

- Version bump to 3.7.0.1

- Fix issues with bundled GnuTLS

- Update translations

- Update to version 3.7.0. Changes since 3.6.0.2:

- Show total transfer speed as tooltip over the transfer indicators

- List supported protocols in tooltip of host field in quickconnect bar

- Use TLS instead of the deprecated term SSL

- Reworded text when saving of passwords is disabled, do not refer to kiosk mode

- Improved usability of Update page in settings dialog

- Improve SFTP performance

- When navigating to the parent directory, highlight the former child

- When editing files, use high priority for the transfers

- Add label to size conditions in filter conditions dialog indicating that the unit is bytes

- Ignore drag&drop operations where source and target are identical and clarify the wording in some drop error cases

- Trim whitespace from the entered port numbers

- Slightly darker color of inactive tabs

- Ignore .. item in the file list context menus if multiple items are selected

- Display TLS version and key exchange algorithm in certificate and encryption details dialog for FTP over TLS connections.

- Fix handling of remote paths containing double-quotes

- Fix crash when opening local directories in Explorer if the name contained characters not representable in the locale's narrow-width character set.

- Fix a memory leak in the host key verification dialog for SFTP

- Fix drag-scrolling in file lists with very low height

- Don't attempt writing XML files upon loading them

- Improve handling of legacy DDE file associations

- Fix handling of HTTPS in the auto updater in case a mirror redirects to HTTPS

- Update to version 3.6.0.2. Changes since 3.5.3:

- 3.6.0.2 (2012-11-29)

- Fix problems with stalling FTP over TLS uploads

- MSW: Minor performance increase listing local files

- 3.6.0.1 (2012-11-18)

- Fix problems with TLS cipher selection, including a bugfix for GnuTLS

- Fix a crash on shutdown

- Add log message for servers not using UTF-8

- Small performance and memory optimizations getting file types

- Improve formatting of transfer speeds

- 3.6.0 (2012-11-10)

- Fix a crash introduced since 3.5.3

- IPv6-only hosts should no longer cause a crash in the network configuration wizard

Solution

Update the affected filezilla packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=834202

https://filezilla-project.org/changelog.php

https://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html

Plugin Details

Severity: Medium

ID: 75120

File Name: openSUSE-2013-650.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:filezilla, p-cpe:/a:novell:opensuse:filezilla-debuginfo, p-cpe:/a:novell:opensuse:filezilla-debugsource, p-cpe:/a:novell:opensuse:filezilla-lang, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/9/2013

Reference Information

CVE: CVE-2013-4206, CVE-2013-4207, CVE-2013-4208, CVE-2013-4852