You are here
Home > Preporuke > Sigurnosni propusti programskog paketa ppc64-diag

Sigurnosni propusti programskog paketa ppc64-diag

SUSE Security Update: Security update for ppc64-diag
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0928-1
Rating: important
References: #882667
Cross-References: CVE-2014-4038 CVE-2014-4039
Affected Products:
SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

ppc64-diag has been updated to prevent the usage of predictable filenames
in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot
tarball was previously generated world readable, which could have leaked
sensible information, which is only visible to root, to all users. It is
now readable for root only (CVE-2014-4039).

Security Issues:

* CVE-2014-4038
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038>
* CVE-2014-4039
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-ppc64-diag-9533

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11 SP3 (ppc64):

ppc64-diag-2.6.1-0.14.1

References:

http://support.novell.com/security/cve/CVE-2014-4038.html
http://support.novell.com/security/cve/CVE-2014-4039.html
https://bugzilla.novell.com/882667
http://download.suse.com/patch/finder/?keywords=26da23b6b57c4c1578e0de40de51309c


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Višestruke ranjivosti programskog paketa oxide-qt

Otkrivene su višestruke ranjivosti programskog paketa oxide-qt za Ubuntu 14.04 LTS. Ranjivosti zahavćaju razne dijelove paketa, a mogle su biti...

Close