Oval Definition: oval:com.redhat.rhsa:def:20151482
Revision Date: 2015-07-23
Version: 640
Title: RHSA-2015:1482: libuser security update (Important)
Description: The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages.

  • Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root. (CVE-2015-3245, CVE-2015-3246)

    Red Hat would like to thank Qualys for reporting these issues.

    All libuser users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2015-3245
    CVE-2015-3246
    RHSA-2015:1482
    RHSA-2015:1482-00
    RHSA-2015:1482-01
    Platform(s): Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libuser is earlier than 0:0.56.13-8.el6_7
  • AND libuser is signed with Red Hat redhatrelease2 key
  • libuser-devel is earlier than 0:0.56.13-8.el6_7
  • AND libuser-devel is signed with Red Hat redhatrelease2 key
  • libuser-python is earlier than 0:0.56.13-8.el6_7
  • AND libuser-python is signed with Red Hat redhatrelease2 key