Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2014:0928-1: important: Security update for ppc64-diag

Recommended Posts

SUSE Security Update: Security update for ppc64-diag

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2014:0928-1

Rating: important

References: #882667

Cross-References: CVE-2014-4038 CVE-2014-4039

Affected Products:

SUSE Linux Enterprise Server 11 SP3

______________________________________________________________________________

 

An update that fixes two vulnerabilities is now available.

 

Description:

 

 

ppc64-diag has been updated to prevent the usage of predictable filenames

in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot

tarball was previously generated world readable, which could have leaked

sensible information, which is only visible to root, to all users. It is

now readable for root only (CVE-2014-4039).

 

Security Issues:

 

* CVE-2014-4038

 

* CVE-2014-4039

 

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Server 11 SP3:

 

zypper in -t patch slessp3-ppc64-diag-9533

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Server 11 SP3 (ppc64):

 

ppc64-diag-2.6.1-0.14.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2014-4038.html

http://support.novell.com/security/cve/CVE-2014-4039.html

https://bugzilla.novell.com/882667

http://download.suse.com/patch/finder/?keywords=26da23b6b57c4c1578e0de40de51309c

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×