SCIENTIFIC-LINUX-ERRATA Archives

July 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: libuser on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 24 Jul 2015 13:08:08 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (27 lines) 
Synopsis:          Important: libuser security update
Advisory ID:       SLSA-2015:1483-1
Issue Date:        2015-07-23
CVE Numbers:       CVE-2015-3245
                   CVE-2015-3246
--

Two flaws were found in the way the libuser library handled the
/etc/passwd file. A local attacker could use an application compiled
against libuser (for example, userhelper) to manipulate the /etc/passwd
file, which could result in a denial of service or possibly allow the
attacker to escalate their privileges to root. (CVE-2015-3245,
CVE-2015-3246)
--

SL7
  x86_64
    libuser-debuginfo-0.60-7.el7_1.i686.rpm
    libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
    libuser-0.60-7.el7_1.i686.rpm
    libuser-0.60-7.el7_1.x86_64.rpm
    libuser-python-0.60-7.el7_1.x86_64.rpm
    libuser-devel-0.60-7.el7_1.i686.rpm
    libuser-devel-0.60-7.el7_1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2