==========================================================================
Ubuntu Security Notice USN-3276-3
November 14, 2017
shadow vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
su could be made to crash or stop programs as an administrator.
Software Description:
– shadow: system login tools
Details:
USN-3276-1 and USN-3276-2 fixed vulnerabilities in shadow. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Sebastian Krahmer discovered integer overflows in shadow utilities.
A local attacker could possibly cause them to crash or potentially
gain privileges via crafted input. (CVE-2016-6252)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
login 1:4.1.4.2+svn3283-3ubuntu5.2
passwd 1:4.1.4.2+svn3283-3ubuntu5.2
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3276-3
https://www.ubuntu.com/usn/usn-3276-1
CVE-2017-2616
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaCyzUAAoJEEW851uECx9ppxMP/2amFwiDyhL3owekCG8uqrDZ
r2Z6fVifyzQPstsGg2GoakiRkJ0BLoKgHpUjN2talf9etd/mXlFRt9QRfoyHeppZ
r0Z9uNgkQeC4Y9zGpDuz4KIejobhTG7KTCRsj2s5DaEI5/NBFHH6vPxbwXgPTa7c
0+cT80xvdRahK0BewX48Mk6y1PwBtg3HhYLuMhD6DCTEu6gav8wrP5E8c9jn2yTq
tlr43wtv64P0dNyksGtBclzw+1ln6DXv+p4UVFWTQRckCmM09ZejFet9/0SRZozf
ySjw5qsPX/XzHx4UnfUI5lSvb6ZfcGjoE3mCcBnWsfUZFIhZhZYDwt9cKFDWVBgu
NF0KfVTPZgB780n/bZzjP+1d7oYHgyXzLMU9vZbQQN0WKX9COmkd1tNfgargsWj5
UuXvVYs7RNlyabAbOnj4W5lqX/kioeVy4TMn4oGPEiBpDEZSpyr93Wny87UP28T6
RRHFNMY6RBdoudW1zepOtR5oFxPN1Imf8L5Rs4ccEJev2fRRRKk2JauA9JbLVIVW
O/iJt82UB3/wlD0swsNTieFLPivf+gEScP/Xj0+UIbdrBjYSXUYKQUEPOapplm3h
gxHJ5z32sigJAp1YknbA85rJfTUQVSt5Ymm1qh4wwid6nyK1kQbGOWCYUywn9c0Z
xQO9s4RI/9x6B8H2buQh
=cq79
—–END PGP SIGNATURE—–
—