   SUSE Security Update: Security update for ppc64-diag
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0928-1
Rating:             important
References:         #882667
Cross-References:   CVE-2014-4038 CVE-2014-4039
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   ppc64-diag has been updated to prevent the use of predictable
   filenames in /tmp in various scripts and daemons (CVE-2014-4038).

   In addition, the snapshot tarball was previously generated
   world-readable, which could have exposed sensitive information,
   normally visible only to root, to all users. It is now readable by
   root only (CVE-2014-4039).

   Security Issues:

   * CVE-2014-4038
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038>
   * CVE-2014-4039
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039>

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ppc64-diag-9533

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 (ppc64):

      ppc64-diag-2.6.1-0.14.1

References:

   http://support.novell.com/security/cve/CVE-2014-4038.html
   http://support.novell.com/security/cve/CVE-2014-4039.html
   https://bugzilla.novell.com/882667
   http://download.suse.com/patch/finder/?keywords=26da23b6b57c4c1578e0de40de51...
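
The two issues described in this advisory, shown as an added shell example that is not taken from ppc64-diag or from the SUSE patch: a snapshot written to a predictable, world-readable file in /tmp, beside a hardened form using mktemp and a restrictive umask. All function and file names are hypothetical, and the permission checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function and file names are hypothetical and are
# not taken from ppc64-diag.

# Weak pattern: PID-based name directly under /tmp, default umask.
# The name is predictable and the archive ends up mode 0644.
snapshot_weak() {
    (
        umask 022
        out="${TMPDIR:-/tmp}/snapshot.$$.tar"
        tar -cf "$out" -C "$1" . || exit 1
        printf '%s\n' "$out"
    )
}

# Hardened pattern: mktemp -d picks an unpredictable name and creates the
# directory atomically with mode 0700; umask 077 makes the archive 0600.
snapshot_hardened() {
    (
        umask 077
        dir=$(mktemp -d "${TMPDIR:-/tmp}/snapshot.XXXXXXXXXX") || exit 1
        tar -cf "$dir/snapshot.tar" -C "$1" . || exit 1
        printf '%s\n' "$dir/snapshot.tar"
    )
}

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only when group and other have no access at all.
is_private() {
    case "$(file_mode "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}
```

The is_private check can be pointed at existing diagnostic archives to confirm that none are readable by group or other.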