2 matches found
openSUSE Security Update : aaa_base (openSUSE-SU-2013:1955-1)
On systems installed via the Live Media that /etc/shadow file was readable by the 'users' group, which was not intended. bnc843230, CVE-2013-3713 Reason for this was that the user 'root' was put into the 'users' group. Also a commandline completion bug was fixed : - Use only bash and readline...
CVE-2013-3713
The CVE-2013-3713 issue affects openSUSE 13.1 KDE with aaa_base prior to 16.26.1. The image creation configuration erroneously adds the root user to the 'users' group when installing from a Live image, enabling local users to read sensitive files such as /etc/shadow and potentially other impacts....