1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
PublicDateAtUSN: 2017-02-17
Candidate: CVE-2016-6252
PublicDate: 2017-02-17
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
http://www.ubuntu.com/usn/usn-3276-1
Description:
Integer overflow in shadow 4.2.1 allows local users to gain privileges via
crafted input to newuidmap.
Ubuntu-Description:
Notes:
leosilva> shadow version for precise-esm and vivid/ubuntu-core doesn't use
leosilva> newuidmap binaries neither does any privileged access that makes
leosilva> this fix necessary.
Bugs:
https://bugzilla.suse.com/show_bug.cgi?id=979282
https://github.com/shadow-maint/shadow/issues/27
Priority: medium
Discovered-by: Sebastian Krahmer
Assigned-to:
Patches_shadow:
vendor: https://bugzilla.suse.com/attachment.cgi?id=684679&action=diff
upstream: https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1
upstream_shadow: needs-triage
precise_shadow: ignored (reached end-of-life)
precise/esm_shadow: not-affected
trusty_shadow: released (1:4.1.5.1-1ubuntu9.4)
vivid/stable-phone-overlay_shadow: ignored (reached end-of-life)
vivid/ubuntu-core_shadow: not-affected
wily_shadow: ignored (reached end-of-life)
xenial_shadow: released (1:4.2-3.1ubuntu5.2)
yakkety_shadow: released (1:4.2-3.2ubuntu1.16.10.1)
zesty_shadow: released (1:4.2-3.2ubuntu1.17.04.1)
devel_shadow: released (1:4.2-3.2ubuntu2)
|