Advisories ยป MGASA-2015-0278

Updated libuser package fixes security vulnerabilities

Publication date: 24 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3245 , CVE-2015-3246

Description

Two flaws were found in the way the libuser library handled the
/etc/passwd file. A local attacker could use an application compiled
against libuser (for example, userhelper) to manipulate the /etc/passwd
file, which could result in a denial of service or possibly allow the
attacker to escalate their privileges to root (CVE-2015-3245,
CVE-2015-3246).
                

References

SRPMS

5/core

4/core