Scientific Linux: SLSA-2015:1482-1 Critical: libuser Privilege Escalation

Date: Mon, 3 Aug 2015 15:32:23 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Important: libuser on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150803153223.24582.57405@slpackages.fnal.gov>

Synopsis: Important: libuser security update
Advisory ID: SLSA-2015:1482-1
Issue Date: 2015-07-23
CVE Numbers: CVE-2015-3245
 CVE-2015-3246
--

Two flaws were found in the way the libuser library handled the
/etc/passwd file. A local attacker could use an application compiled
against libuser (for example, userhelper) to manipulate the /etc/passwd
file, which could result in a denial of service or possibly allow the
attacker to escalate their privileges to root. (CVE-2015-3245,
CVE-2015-3246)
--

SL6
 x86_64
 libuser-0.56.13-8.el6_7.i686.rpm
 libuser-0.56.13-8.el6_7.x86_64.rpm
 libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
 libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
 libuser-python-0.56.13-8.el6_7.x86_64.rpm
 libuser-devel-0.56.13-8.el6_7.i686.rpm
 libuser-devel-0.56.13-8.el6_7.x86_64.rpm
 i386
 libuser-0.56.13-8.el6_7.i686.rpm
 libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
 libuser-python-0.56.13-8.el6_7.i686.rpm
 libuser-devel-0.56.13-8.el6_7.i686.rpm

- Scientific Linux Development Team