SUSE-SU-2015:0232-1

Опубликовано: 07 янв. 2015

Источник: suse-cvrf

Описание

Security update for powerpc-utils

powerpc-utils was updated to fix one security issue.

This security issue was fixed:

May expose passwords from fstab or yaboot.con (CVE-2014-4040).

This additional fix was included:

LPAR crashes when drmgr attempts to offline last remaining cpu core (bnc#901216)

Список пакетов

SUSE Linux Enterprise Server 12

powerpc-utils-1.2.22-7.1

SUSE Linux Enterprise Server for SAP Applications 12

powerpc-utils-1.2.22-7.1

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20150232-1/
Link for SUSE-SU-2015:0232-1
https://lists.suse.com/pipermail/sle-security-updates/2015-February/001210.html
E-Mail link for SUSE-SU-2015:0232-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/883174
SUSE Bug 883174
https://bugzilla.suse.com/901216
SUSE Bug 901216
https://www.suse.com/security/cve/CVE-2014-4040/
SUSE CVE CVE-2014-4040 page

Описание

snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Затронутые продукты

SUSE Linux Enterprise Server 12:powerpc-utils-1.2.22-7.1

SUSE Linux Enterprise Server for SAP Applications 12:powerpc-utils-1.2.22-7.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-4040.html
CVE-2014-4040
https://bugzilla.suse.com/883174
SUSE Bug 883174

SUSE-SU-2015:0232-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server for SAP Applications 12

Ссылки

Уязвимость: CVE-2014-4040

Описание

Затронутые продукты

Ссылки