Download
| Alert*
oval:org.secpod.oval:def:605039
passwd is installed oval:org.secpod.oval:def:51793 shadow: system login tools Details: USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory USN-3276-1 introduced a regression in su. oval:org.secpod.oval:def:602887 The update for the shadow suite issued as DSA-3793-1 introduced a regression in su signal handling. If su receives a signal like SIGTERM, it is not propagated to the child. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:78192 shadow: system login tools Several security issues were fixed in shadow. oval:org.secpod.oval:def:601582 passwd is installed oval:org.secpod.oval:def:600198 Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to to corrupt passwd entries and may create users or groups in NIS environments. Packages in the oldstable distribution are not affected by this problem. oval:org.secpod.oval:def:707830 shadow: system login tools Details: USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending furth ... oval:org.secpod.oval:def:707826 shadow: system login tools shadow could be made to overwrite files. oval:org.secpod.oval:def:2000758 An issue was discovered in shadow 4.5. newgidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator ... oval:org.secpod.oval:def:2001154 In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control ... oval:org.secpod.oval:def:703584 shadow: system login tools su could be made to crash or stop programs as an administrator. oval:org.secpod.oval:def:51782 shadow: system login tools su could be made to crash or stop programs as an administrator. oval:org.secpod.oval:def:703607 shadow: system login tools Details: USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory USN-3276-1 introduced a regression in su. oval:org.secpod.oval:def:602780 Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap ... oval:org.secpod.oval:def:708763 shadow: system login tools shadow could be made to expose sensitive information. oval:org.secpod.oval:def:98715 shadow: system login tools shadow could be made to expose sensitive information. |