Advisories » MGASA-2016-0308

Updated slock packages fix security vulnerability

Publication date: 21 Sep 2016
Modification date: 21 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6866

Description

The slock utility is susceptible to crash when verifying a password for
a user without a valid shadow hash entry (CVE-2016-6866).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19218
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866

SRPMS

5/core

• slock-1.1-5.1.mga5