SUSE-SU-2016:2211-1

Published: 02 Sep 2016
Source: suse-cvrf

Description

Security update for cracklib

This update for cracklib fixes a security issue and a bug:

Security issue fixed:

  • Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)

The following non-security issue was fixed:

  • Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923)

Package list

SUSE Linux Enterprise Server 11 SP4

  • cracklib-2.8.12-56.13.1
  • cracklib-32bit-2.8.12-56.13.1
  • cracklib-x86-2.8.12-56.13.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

  • cracklib-2.8.12-56.13.1
  • cracklib-32bit-2.8.12-56.13.1
  • cracklib-x86-2.8.12-56.13.1

SUSE Linux Enterprise Software Development Kit 11 SP4

  • cracklib-devel-2.8.12-56.13.1

SUSE Studio Onsite 1.3

  • cracklib-dict-small-2.8.12-56.13.1

Description

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.


Affected products
SUSE Linux Enterprise Server 11 SP4:cracklib-2.8.12-56.13.1
SUSE Linux Enterprise Server 11 SP4:cracklib-32bit-2.8.12-56.13.1
SUSE Linux Enterprise Server 11 SP4:cracklib-x86-2.8.12-56.13.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:cracklib-2.8.12-56.13.1

References