libuser-0.56.13-8.AXS4
エラータID: AXSA:2015-374:01
Release date:
Thursday, August 13, 2015 - 10:27
Subject:
libuser-0.56.13-8.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. The library uses pluggable
back-ends to interface to its data sources.
Sample applications modeled after those included with the shadow password
suite are included.
Security issues fixed with this release:
CVE-2015-3245
CVE-2015-3246
Solution:
Update packages.
CVEs:
CVE-2015-3245
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
CVE-2015-3246
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
Additional Info:
N/A
Download:
SRPMS
- libuser-0.56.13-8.AXS4.src.rpm
MD5: 4221b617c8f02817f51d5214d071924f
SHA-256: 8735f56a7b7aac5982efad175e3ec508a9401952f705aa3b0f90736fbdd2cd44
Size: 927.01 kB
Asianux Server 4 for x86
- libuser-0.56.13-8.AXS4.i686.rpm
MD5: c611bc41577ca4d103f40fa97fa4f5c7
SHA-256: 84fbab0e04ed35353380aece40157c3d64737bf5028e83ebad2ebaaf6dc4aba8
Size: 367.09 kB - libuser-python-0.56.13-8.AXS4.i686.rpm
MD5: 2bed1441b2dd202221fdac855165bc06
SHA-256: 55312570b463414a7fc4ac9d8586dd91b4833543833f2b0c6d1655babdffd0ac
Size: 49.06 kB
Asianux Server 4 for x86_64
- libuser-0.56.13-8.AXS4.x86_64.rpm
MD5: bbf4b312ff7cca1c5725304174be5826
SHA-256: 65440ae0f70ec95eefa47235feed20093e3515ab54bb63838ca98199378e9a0d
Size: 366.79 kB - libuser-python-0.56.13-8.AXS4.x86_64.rpm
MD5: d34d30ad9b6cb6d10735b7666b3b4676
SHA-256: 89f60d1d9fcc72d039faa02d7f0f6723fda00026d65089a208eb07fc51d59e0d
Size: 49.18 kB - libuser-0.56.13-8.AXS4.i686.rpm
MD5: c611bc41577ca4d103f40fa97fa4f5c7
SHA-256: 84fbab0e04ed35353380aece40157c3d64737bf5028e83ebad2ebaaf6dc4aba8
Size: 367.09 kB
日本語