GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Jul 10, 2017 11:26 pm Post subject: [ GLSA 201706-02 ] Shadow |
 |
|
Gentoo Linux Security Advisory
Title: Shadow: Multiple vulnerabilities (GLSA 201706-02)
Severity: high
Exploitable: local
Date: 2017-06-06
Bug(s): #610804, #620510
ID: 201706-02
Synopsis
Multiple vulnerabilities have been found in Shadow, the worst of
which might allow privilege escalation.
Background
Shadow is a set of tools to deal with user accounts.
Affected Packages
Package: sys-apps/shadow
Vulnerable: < 4.4-r2
Unaffected: >= 4.4-r2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Shadow. Please review
the CVE identifiers referenced below for details.
Impact
A local attacker could possibly cause a Denial of Service condition,
gain privileges via crafted input, or SIGKILL arbitrary processes.
Workaround
There is no known workaround at this time.
Resolution
All Shadow users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.4-r2"
|
References
CVE-2016-6252
CVE-2017-2616 |
|
News & Announcements
