Summary: | <sys-apps/shadow-4.5: newusers tool could be made to manipulate internal data structures (CVE-2017-12424) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, pam-bugs+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/7883 https://github.com/gentoo/gentoo/pull/7882 |
||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: |
sys-apps/shadow-4.5
|
Runtime testing required: | --- |
Description
Aleksandr Wagner (Kivak)
2017-08-04 09:57:45 UTC
@ Arches, please test and mark stable: =sys-apps/shadow-4.5 ia64 stable arm stable amd64 stable x86 stable alpha stable sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9 ppc64 stable ppc stable hppa stable GLSA requested filed. This issue was resolved and addressed in GLSA 201710-16 at https://security.gentoo.org/glsa/201710-16 by GLSA coordinator Aaron Bauman (b-man). re-opening for cleanup or mask. sparc stable (thanks to Rolf Eike Beer) arm64 stable; cleanup should be more possible now. All done, thank you all. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3639511fbbd747f125d97f46fb70169333366a80 commit 3639511fbbd747f125d97f46fb70169333366a80 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-04-08 17:06:53 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-04-09 00:04:02 +0000 sys-apps/shadow: drop vulnerable Bug: https://bugs.gentoo.org/627044 Package-Manager: Portage-2.3.28, Repoman-2.3.9 Closes: https://github.com/gentoo/gentoo/pull/7882 sys-apps/shadow/Manifest | 1 - sys-apps/shadow/shadow-4.4-r2.ebuild | 213 ----------------------------------- 2 files changed, 214 deletions(-)} |