ppc64-diag has been updated to prevent the usage of predictable filenames
in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot
tarball was previously generated world readable, which could have leaked
sensible information, which is only visible to root, to all users. It is
now readable for root only (CVE-2014-4039).
Security Issues:
* CVE-2014-4038
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038</a>>
* CVE-2014-4039
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039</a>>
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
SUSE Linux Enterprise Server | 11.3 | ppc64 | ppc64-diag | < 2.6.1-0.14.1 | ppc64-diag-2.6.1-0.14.1.ppc64.rpm |