Search results
SUSE security update to shadow
([Security] Posted Oct 19, 2018 14:12 UTC (Fri) by jake)
CVE-2016-6252 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL
An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310) Patch Instructions: To install this SUSE
SUSE security update to shadow
([Security] Posted Aug 20, 2018 13:54 UTC (Mon) by jake)
CVE-2016-6252 Affected Products: SUSE CaaS Platform 3.0
An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310) Patch Instructions: To install this SUSE Security Update use the SUSE
openSUSE security update to shadow
([Security] Posted Jul 30, 2018 14:31 UTC (Mon) by ris)
CVE-2016-6252 Affected Products: openSUSE Leap 42.3
An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310) This update was imported from the SUSE:SLE-12-SP2:Update
SUSE security update to shadow
([Security] Posted Jul 19, 2018 14:42 UTC (Thu) by jake)
CVE-2016-6252 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS
An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Fixed incorrect integer
SUSE security update to shadow
([Security] Posted Jul 19, 2018 14:42 UTC (Thu) by jake)
CVE-2016-6252 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7
An update
Ubuntu security update to shadow
([Security] Posted Nov 15, 2017 17:04 UTC (Wed) by ris)
CVE-2016-6252) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: login 1:4.1.4.2+svn3283-3ubuntu5.2 passwd 1:4.1.4.2+svn3283-3ubuntu5.2 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3276-3
Gentoo security update to shadow
([Security] Posted Jun 6, 2017 15:53 UTC (Tue) by ris)
CVE identifiers referenced below for details. Impact ====== A local attacker could possibly cause a Denial of Service condition, gain privileges via crafted input, or SIGKILL arbitrary processes. Workaround ========== There is no known workaround at this time. Resolution ========== All Shadow users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.4-r2" References ========== [ 1 ] CVE-2016-6252
Ubuntu security update to shadow
([Security] Posted May 17, 2017 15:45 UTC (Wed) by ris)
CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: login 1:4.2-3.2ubuntu1.17.04.2
Oracle security update to kernel
([Security] Posted May 16, 2017 15:43 UTC (Tue) by ris)
CVE-2017-5669} - vhost: actually track log eventfd file (Marc-André Lureau) [Orabug: 25797056] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257} - RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016
Oracle security update to kernel
([Security] Posted May 16, 2017 15:43 UTC (Tue) by ris)
CVE-2017-5669} - vhost: actually track log eventfd file (Marc-André Lureau) [Orabug: 25797056] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257} - RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016
Oracle security update to kernel
([Security] Posted May 16, 2017 15:43 UTC (Tue) by ris)
CVE-2017-5669} - vhost: actually track log eventfd file (Marc-André Lureau) [Orabug: 25797052] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016
Oracle security update to kernel
([Security] Posted May 16, 2017 15:43 UTC (Tue) by ris)
CVE-2017-5669} - vhost: actually track log eventfd file (Marc-André Lureau) [Orabug: 25797052] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016
Ubuntu security update to shadow
([Security] Posted May 5, 2017 14:29 UTC (Fri) by jake)
CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: login 1:4.2-3.2ubuntu1.17.04.1
Debian security update to shadow
([Security] Posted Feb 26, 2017 15:20 UTC (Sun) by corbet)
CVE ID : CVE-2016-6252 CVE-2017-2616 Debian Bug : 832170 855943 Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input
shadow-utils: two vulnerabilities
([Security] Posted Jan 30, 2017 18:32 UTC (Mon) by ris)
CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int wrap is exploitable as a LPE, as the kernel is using 32bit uid's that are truncated from unsigned longs (64bit on x64) as returned by simple_strtoul() [map_write()]. (CVE-2016-6252
Mageia security update to shadow-utils
([Security] Posted Jan 30, 2017 18:20 UTC (Mon) by ris)
CVE: CVE-2016-6251, CVE-2016-6252 Description: It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect
openSUSE security update to kernel
([Security] Posted Oct 27, 2016 14:54 UTC (Thu) by jake)
CVE-2013-7446 CVE-2015-0272 CVE-2015-1339 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016
SUSE security update to kernel
([Security] Posted Aug 15, 2016 16:11 UTC (Mon) by ris)
CVE-2013-2015 CVE-2013-7446 CVE-2015-0272 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016