Description
Security update for cracklib
This update for cracklib fixes the following issues:
- Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
Package list
SUSE Linux Enterprise Desktop 12 SP1
cracklib-2.9.0-7.1
libcrack2-2.9.0-7.1
libcrack2-32bit-2.9.0-7.1
SUSE Linux Enterprise Server 12 SP1
cracklib-2.9.0-7.1
libcrack2-2.9.0-7.1
libcrack2-32bit-2.9.0-7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
cracklib-2.9.0-7.1
libcrack2-2.9.0-7.1
libcrack2-32bit-2.9.0-7.1
SUSE Linux Enterprise Software Development Kit 12 SP1
cracklib-devel-2.9.0-7.1
References
- Link for SUSE-SU-2016:2107-1
- E-Mail link for SUSE-SU-2016:2107-1
- SUSE Security Ratings
- SUSE Bug 992966
- SUSE CVE CVE-2016-6318 page
Description
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:cracklib-2.9.0-7.1
SUSE Linux Enterprise Desktop 12 SP1:libcrack2-2.9.0-7.1
SUSE Linux Enterprise Desktop 12 SP1:libcrack2-32bit-2.9.0-7.1
SUSE Linux Enterprise Server 12 SP1:cracklib-2.9.0-7.1
References
- CVE-2016-6318
- SUSE Bug 1123113
- SUSE Bug 992966