Description
Security update for shadow
This update for shadow fixes several issues.
This security issue was fixed:
- CVE-2017-12424: The newusers tool could have been forced to manipulate internal data structures in ways unintended by the authors. Malformed input may have led to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors (bsc#1052261).
These non-security issues were fixed:
- bsc#1023895: Fixed man page to not contain invalid options and also prevent warnings when using these options in certain settings
- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2
Package list
SUSE Linux Enterprise Desktop 12 SP2
shadow-4.2.1-27.3.3
SUSE Linux Enterprise Desktop 12 SP3
shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server 12 SP2
shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server 12 SP3
shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
shadow-4.2.1-27.3.3
References
- Link for SUSE-SU-2017:2947-1
- E-Mail link for SUSE-SU-2017:2947-1
- SUSE Security Ratings
- SUSE Bug 1023895
- SUSE Bug 1052261
- SUSE Bug 980486
- SUSE CVE CVE-2017-12424 page
Description
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:shadow-4.2.1-27.3.3
SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server 12 SP2:shadow-4.2.1-27.3.3
SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.3.3
References
- CVE-2017-12424
- SUSE Bug 1052261