Updated libuser package fixes security vulnerabilitiesPublication date: 24 Jul 2015
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3245 , CVE-2015-3246
Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root (CVE-2015-3245, CVE-2015-3246).