setup-2.8.71-10.el7
エラータID: AXSA:2019-3677:01
The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.
Security Fix(es):
* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.
CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise
Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This
violates security assumptions made by pam_shells and some daemons
which allow access based on a user's shell being listed in
/etc/shells. Under some circumstances, users which had their shell
changed to /sbin/nologin could still access the system.
Update packages.
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
N/A
SRPMS
- setup-2.8.71-10.el7.src.rpm
MD5: 377fdd72a89e41ef6f08a30f53c706a5
SHA-256: aef9750f174b1dd4d149fc706ee1a9221816b0c0063fc0e6d3bd69b9384ac9fe
Size: 194.74 kB
Asianux Server 7 for x86_64
- setup-2.8.71-10.el7.noarch.rpm
MD5: 2b16c5a9c6a0c6785aa86df276032923
SHA-256: 22d2fc8c606b65a4f8d884a70d378d2ce71ec0d64b695bdb1a11e2c557f9c225
Size: 164.91 kB