exploitDog

openSUSE-SU-2016:2204-1

Published: 31 Aug 2016
Source: suse-cvrf

Description

Security update for cracklib

This update for cracklib fixes the following issues:

  • Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.1
cracklib-2.9.0-7.1
cracklib-devel-2.9.0-7.1
cracklib-devel-32bit-2.9.0-7.1
cracklib-dict-small-2.9.0-7.1
libcrack2-2.9.0-7.1
libcrack2-32bit-2.9.0-7.1
libpwquality-1.2.3-5.1
libpwquality-devel-1.2.3-5.1
libpwquality-lang-1.2.3-5.1
libpwquality-tools-1.2.3-5.1
libpwquality1-1.2.3-5.1
pam_pwquality-1.2.3-5.1
python-pwquality-1.2.3-5.1

Description

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.


Affected products
openSUSE Leap 42.1:cracklib-2.9.0-7.1
openSUSE Leap 42.1:cracklib-devel-2.9.0-7.1
openSUSE Leap 42.1:cracklib-devel-32bit-2.9.0-7.1
openSUSE Leap 42.1:cracklib-dict-small-2.9.0-7.1

References
Vulnerability openSUSE-SU-2016:2204-1