Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd please sign up again. Thanks!

  1. Get $5 off your first Lyft ride while helping us pay for hosting Linux.org! --> $5 Lyft
    Dismiss Notice

Ubuntu Security Update USN-3276-3: shadow vulnerability

Discussion in 'Linux Security Announcements (Automated)' started by LinuxBot, Nov 14, 2017 at 7:22 PM.

  1. LinuxBot

    LinuxBot Moderator
    Staff Member

    Joined:
    Apr 25, 2017
    Messages:
    30
    Likes Received:
    1
    Ubuntu Security Notice USN-3276-3


    14th November, 2017



    shadow vulnerability


    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 12.04 LTS
    Summary


    su could be made to crash or stop programs as an administrator.

    Software description

    • shadow - system login tools
    Details


    USN-3276-1 and USN-3276-2 fixed vulnerabilities in shadow. This update
    provides the corresponding update for Ubuntu 12.04 ESM.

    Original advisory details:

    Sebastian Krahmer discovered integer overflows in shadow utilities.
    A local attacker could possibly cause them to crash or potentially
    gain privileges via crafted input. (CVE-2016-6252)

    Update instructions


    The problem can be corrected by updating your system to the following package version:

    Ubuntu 12.04 LTS:
    passwd 1:4.1.4.2+svn3283-3ubuntu5.2
    login 1:4.1.4.2+svn3283-3ubuntu5.2

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary changes.

    References


    CVE-2017-2616

    Continue reading...
     

Share This Page