Description
Security update for shadow
This update for shadow fixes several issues.
This security issue was fixed:
- CVE-2017-12424: The newusers tool could have been forced to manipulate internal data structures in ways unintended by the authors. Malformed input may have led to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors (bsc#1052261).
These non-security issues were fixed:
- bsc#1023895: Fixed man page to not contain invalid options and also prevent warnings when using these options in certain settings
- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.2
shadow-4.2.1-10.1
openSUSE Leap 42.3
shadow-4.2.1-10.1
References
- E-Mail link for openSUSE-SU-2017:2979-1
- SUSE Security Ratings
Description
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
Affected products
openSUSE Leap 42.2:shadow-4.2.1-10.1
openSUSE Leap 42.3:shadow-4.2.1-10.1
References
- CVE-2017-12424
- SUSE Bug 1052261