CVE-2014-8165: remote code execution in powerpc-utils-python

[Florian Weimer <fweimer () redhat com>]

Dhiru Kholia, then of Red Hat Product Security, discovered that
powerpc-utils-python used Python pickles in an insecure way, potentially
resulting in remote code execution as root:

  <http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/>
  <https://bugzilla.redhat.com/show_bug.cgi?id=1073139>

The affected program (amsvis) requires an IBM POWER machine with
firmware support for Active Memory Sharing, or it won't even start.
Such machines appear to be extremely rare.

Active Memory Sharing is not related at all to the Agentless Management
Service from another enterprise vendor, despite the common acronym.

-- 
Florian Weimer / Red Hat Product Security