RedHat RHSA-2015:1483
History: Jul 23, 2015 - 12:00 a.m.

(RHSA-2015:1483) Important: libuser security update

2015-07-23 00:00:00
access.redhat.com
CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 5.7%

The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which could
result in a denial of service or possibly allow the attacker to escalate
their privileges to root. (CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.
