Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
BDK 11 SP2 openSUSE 12.1 openSUSE 12.1 Update openSUSE 12.2 Update openSUSE Tumbleweed SUSE Cloud 1.0 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Onsite 1.3 SUSE Studio Standard Edition 1.2 WebYaST 1.2 WebYaST 1.3