DSA-3793-1 shadow -- shadowID: oval:org.secpod.oval:def:602780 | Date: (C)2017-02-27 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap utility. CVE-2017-2616 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service.
Product: |
login |
passwd |
uidmap |