Описание
Security update for powerpc-utils
The 'snap' system information collection tool of the PowerPC Utils package collected fstab and yaboot.conf files which might contain passwords. (CVE-2014-4040)
As these files are of interest, we now print a warning that the user of the 'snap' tool should check if private passwords are in those files.
Security Issues:
* CVE-2014-4040
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4040>
Список пакетов
SUSE Linux Enterprise Server 11 SP3
powerpc-utils-1.2.16-0.13.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
powerpc-utils-1.2.16-0.13.1
Ссылки
- Link for SUSE-RU-2015:0574-1
- E-Mail link for SUSE-RU-2015:0574-1
- SUSE Security Ratings
- SUSE Bug 879310
- SUSE Bug 879839
- SUSE Bug 883174
- SUSE Bug 901216
- SUSE CVE CVE-2014-4040 page
Описание
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3:powerpc-utils-1.2.16-0.13.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:powerpc-utils-1.2.16-0.13.1
Ссылки
- CVE-2014-4040
- SUSE Bug 883174