Print

---

Synopsis:          Important: libuser security update
Advisory ID:       SLSA-2015:1482-1
Issue Date:        2015-07-23
CVE Numbers:       CVE-2015-3245
                   CVE-2015-3246
--

Two flaws were found in the way the libuser library handled the
/etc/passwd file. A local attacker could use an application compiled
against libuser (for example, userhelper) to manipulate the /etc/passwd
file, which could result in a denial of service or possibly allow the
attacker to escalate their privileges to root. (CVE-2015-3245,
CVE-2015-3246)
--

SL6
  x86_64
    libuser-0.56.13-8.el6_7.i686.rpm
    libuser-0.56.13-8.el6_7.x86_64.rpm
    libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
    libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
    libuser-python-0.56.13-8.el6_7.x86_64.rpm
    libuser-devel-0.56.13-8.el6_7.i686.rpm
    libuser-devel-0.56.13-8.el6_7.x86_64.rpm
  i386
    libuser-0.56.13-8.el6_7.i686.rpm
    libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
    libuser-python-0.56.13-8.el6_7.i686.rpm
    libuser-devel-0.56.13-8.el6_7.i686.rpm

- Scientific Linux Development Team