Описание
Security update for yast2-users
yast2-users was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-1601: Empty passwords fields in /etc/shadow after SLES 12 SP1 autoyast installation (bsc#974220).
This update includes a script that fixes installations that we're affected by this problem. It is run automatically upon installing the update.
This non-security issue was fixed:
- bsc#971804: Set root password correctly when using a minimal profile
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
yast2-users-3.1.41.3-9.1
SUSE Linux Enterprise Server 12 SP1
yast2-users-3.1.41.3-9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
yast2-users-3.1.41.3-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1
yast2-users-devel-doc-3.1.41.3-9.1
Ссылки
- Link for SUSE-SU-2016:1138-1
- E-Mail link for SUSE-SU-2016:1138-1
- SUSE Security Ratings
- SUSE Bug 971804
- SUSE Bug 973639
- SUSE Bug 974220
- SUSE CVE CVE-2016-1601 page
Описание
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:yast2-users-3.1.41.3-9.1
SUSE Linux Enterprise Server 12 SP1:yast2-users-3.1.41.3-9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:yast2-users-3.1.41.3-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:yast2-users-devel-doc-3.1.41.3-9.1
Ссылки
- CVE-2016-1601
- SUSE Bug 973639
- SUSE Bug 974220