Detections
Analytics

RHEL 7 : powerpc-utils (RHSA-2015:0384)

high Nessus Plugin ID 234428

Language:

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:0384 advisory.

 The powerpc-utils packages provide various utilities for the PowerPC platform.

 A flaw was found in the way the snap utility of powerpc-utils generated an archive containing a configuration snapshot of a service. A local attacker could obtain sensitive information from the generated archive such as plain text passwords. (CVE-2014-4040)

 The powerpc-utils packages have been upgraded to the upstream version 1.2.24, which provides a number of bug fixes and enhancements over the previous version. (BZ#1088539, BZ#1167865, BZ#1161552)

 This update also fixes the following bugs:

 * Previously, the lsdevinfo command did not correctly process the path to the device, which made the path unreadable in the console output of lsdevinfo. With this update, lsdevinfo has been updated and the path is now displayed correctly. (BZ#1079246)

 * Previously, after migrating several Linux partitions, Resource Monitoring and Control (RMC) was inactive and Machine Type, Model, and Serial number (MTMS) were set incorrectly, so the subsequent validation operation failed. This bug has been fixed, and validation is now successful after migration and suspend.
 (BZ#1083221)

 * Previously, when the drmgr tool attempted to remove the last CPU from the system, drmgr became unresponsive or terminated unexpectedly. This bug has been fixed, and drmgr no longer hangs or crashes in the described case. (BZ#1152313)

 * With this update, the drmgr utility has been fixed to correctly gather Logical Memory Block (LMB) information while performing Mem Dynamic Logical Partitioning (DLPAR) on little-endian varian of IBM Power Systems CPU architecture as expected (BZ#1170856).

 * Previously, the ppc64_cpu --threads-per-core command returned incorrect data with the --smt option enabled. This bug has been fixed and ppc64_cpu --threads-per-core now reports correctly with enabled
 --smt. (BZ#1179263)

 In addition, this update adds the following enhancements:

 * This update adds support for the Red Hat Enterprise Linux for POWER, little endian CPU architecture to the powerpc-utils package. (BZ#1124006)

 * This update adds support for hot plugging of the qemu virtio device with the drmgr command to the powerpc-utils package.(BZ#1083791)

 * The deprecated snap tool has been removed from the powerpc-utils packages. Its functionality has been integrated into the sosreport tool. (BZ#1172087)

 * With this update, a dependency on the perl-Data-Dumper package required by the rtas_dump utility has been added to powerpc-utils packages. (BZ#1175812)

 Users of powerpc-utils are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected powerpc-utils package.

See Also

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=1110520

http://www.nessus.org/u?97514768

https://access.redhat.com/errata/RHSA-2015:0384

Plugin Details

Severity: High

ID: 234428

File Name: redhat-RHSA-2015-0384.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/15/2025

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-4040

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:powerpc-utils, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/5/2015

Vulnerability Publication Date: 6/13/2014

Reference Information

CVE: CVE-2014-4040

CWE: 200

RHSA: 2015:0384