Date: Fri, 24 Jul 2015 13:08:08 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: libuser on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20150724130808.15291.70614@slpackages.fnal.gov>
Synopsis: Important: libuser security update
Advisory ID: SLSA-2015:1483-1
Issue Date: 2015-07-23
CVE Numbers: CVE-2015-3245
CVE-2015-3246
--
Two flaws were found in the way the libuser library handled the
/etc/passwd file. A local attacker could use an application compiled
against libuser (for example, userhelper) to manipulate the /etc/passwd
file, which could result in a denial of service or possibly allow the
attacker to escalate their privileges to root. (CVE-2015-3245,
CVE-2015-3246)
--
SL7
x86_64
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-0.60-7.el7_1.i686.rpm
libuser-0.60-7.el7_1.x86_64.rpm
libuser-python-0.60-7.el7_1.x86_64.rpm
libuser-devel-0.60-7.el7_1.i686.rpm
libuser-devel-0.60-7.el7_1.x86_64.rpm
- Scientific Linux Development Team
SciLinux: CVE-2015-3245 Important: libuser SL7.x x86_64
Important: libuser security update
Summary
Important: libuser security update
Security Fixes
Severity
Advisory ID: SLSA-2015:1483-1
Issued Date: : 2015-07-23
CVE Numbers: CVE-2015-3245
CVE-2015-3246
News
HOWTOs
Features
About Us
Powered By
