Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

SUSE: 2014:0928-1 Important: Fixes for ppc64-diag File Issues

suse
Calendar Grey July 23, 2014
Dist Suse Esm H88
Debian Security Update for python3 addresses critical vulnerabilities concerning memory allocation and integrity in application handling.
An update that fixes two vulnerabilities is now available

Summary

ppc64-diag has been updated to prevent the usage of predictable filenames in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot tarball was previously generated world readable, which could have leaked sensible information, which is only visible to root, to all users. It is now readable for root only (CVE-2014-4039). Security Issues: * CVE-2014-4038 * CVE-2014-4039 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ppc64-diag-9533 To bring your system up-to-date, use "zypper patch".

Topics%20covered

Topics Covered

security advisory SUSE file permissions important updates script predictability

References

#882667

Cross- CVE-2014-4038 CVE-2014-4039

Affected Products:

SUSE Linux Enterprise Server 11 SP3

https://www.suse.com/security/cve/CVE-2014-4038.html

https://www.suse.com/security/cve/CVE-2014-4039.html

https://scc.suse.com:443/patches/

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2014:0928-1
Rating: important

Topics%20covered

Topics Covered

security advisory SUSE file permissions important updates script predictability

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here