Updated libuser packages that fix two security issues are now available forRed Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

The libuser library implements a standardized interface for manipulatingand administering user and group accounts. Sample applications that aremodeled after applications from the shadow password suite (shadow-utils)are included in these packages.Two flaws were found in the way the libuser library handled the /etc/passwdfile. A local attacker could use an application compiled against libuser(for example, userhelper) to manipulate the /etc/passwd file, which couldresult in a denial of service or possibly allow the attacker to escalatetheir privileges to root. (CVE-2015-3245, CVE-2015-3246)Red Hat would like to thank Qualys for reporting these issues.All libuser users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue.
Before applying this update, make sure all previously released errata relevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
libuser-0.60-7.el7_1.src.rpm
    MD5: b92f0efe6fd4878d0ad60b8c49617baaSHA-256: 706e9f955623e46961c11320674bd8f775d0b6f8507e284af882c0f2dc6210bb
 
x86_64:
libuser-0.60-7.el7_1.i686.rpm
    MD5: 0895af7d6cf3427985e49bc4f769e267SHA-256: 2b50a18a0ac3ca690e118525bd0792f98a3607a7b29f55e1eafa2663defceb90
libuser-0.60-7.el7_1.x86_64.rpm
    MD5: 095aec0a9860d55eda01226c414e8aa8SHA-256: d4db1a68cdead20fc22b26413848c64fdb800d3a047b44fe6ca852be91b4fc16
libuser-debuginfo-0.60-7.el7_1.i686.rpm
    MD5: 396dea68edd98c929b09dd31d7918fb6SHA-256: 6f1959a6d0817c487eb5fa8a9875dd2b531316d6beaa9d03cf29e42ccbc9a5b0
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
    MD5: c769ca93d7a54051827c2c391eb6f276SHA-256: 05a0a10c007f15eb8355d252f12f2658ee3789f3ab1c6173eed2f175960332b0
libuser-devel-0.60-7.el7_1.i686.rpm
    MD5: 5ab8b054bde535e48efaed2c38ed41e4SHA-256: 4157e8576fa091327669f4d8473a4b9140ed6a7c4d68d650fc27b86ffdd43366
libuser-devel-0.60-7.el7_1.x86_64.rpm
    MD5: 9d567130bb56fc7de0850171304032c5SHA-256: f2a97bfa0ce0759d376b2027497394fbb98694973c7f709e07da89d4e81ae427
libuser-python-0.60-7.el7_1.x86_64.rpm
    MD5: 4d120b85d351761161f741019799dad1SHA-256: d32f9a2673a79298db6e691e1d6cddbbf7837d3e446e6bd24c3ada317e6f06ef
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
libuser-0.60-7.el7_1.src.rpm
    MD5: b92f0efe6fd4878d0ad60b8c49617baaSHA-256: 706e9f955623e46961c11320674bd8f775d0b6f8507e284af882c0f2dc6210bb
 
x86_64:
libuser-0.60-7.el7_1.i686.rpm
    MD5: 0895af7d6cf3427985e49bc4f769e267SHA-256: 2b50a18a0ac3ca690e118525bd0792f98a3607a7b29f55e1eafa2663defceb90
libuser-0.60-7.el7_1.x86_64.rpm
    MD5: 095aec0a9860d55eda01226c414e8aa8SHA-256: d4db1a68cdead20fc22b26413848c64fdb800d3a047b44fe6ca852be91b4fc16
libuser-debuginfo-0.60-7.el7_1.i686.rpm
    MD5: 396dea68edd98c929b09dd31d7918fb6SHA-256: 6f1959a6d0817c487eb5fa8a9875dd2b531316d6beaa9d03cf29e42ccbc9a5b0
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
    MD5: c769ca93d7a54051827c2c391eb6f276SHA-256: 05a0a10c007f15eb8355d252f12f2658ee3789f3ab1c6173eed2f175960332b0
libuser-devel-0.60-7.el7_1.i686.rpm
    MD5: 5ab8b054bde535e48efaed2c38ed41e4SHA-256: 4157e8576fa091327669f4d8473a4b9140ed6a7c4d68d650fc27b86ffdd43366
libuser-devel-0.60-7.el7_1.x86_64.rpm
    MD5: 9d567130bb56fc7de0850171304032c5SHA-256: f2a97bfa0ce0759d376b2027497394fbb98694973c7f709e07da89d4e81ae427
libuser-python-0.60-7.el7_1.x86_64.rpm
    MD5: 4d120b85d351761161f741019799dad1SHA-256: d32f9a2673a79298db6e691e1d6cddbbf7837d3e446e6bd24c3ada317e6f06ef
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
libuser-0.60-7.el7_1.src.rpm
    MD5: b92f0efe6fd4878d0ad60b8c49617baaSHA-256: 706e9f955623e46961c11320674bd8f775d0b6f8507e284af882c0f2dc6210bb
 
PPC:
libuser-0.60-7.el7_1.ppc.rpm
    MD5: da3bbc09384412237d3c6ac42ea0b95cSHA-256: d17388535a41079660d973d077eeb6397b986136a9226f4d462bd27776471572
libuser-0.60-7.el7_1.ppc64.rpm
    MD5: 868e97ed5020280bcfa423e39de53f4eSHA-256: 12e73030c940ee3f315605bba5c1170ed6e8d05237b33d637888b677a3569426
libuser-debuginfo-0.60-7.el7_1.ppc.rpm
    MD5: 8492bfc38ef21348fbd1a6a76283c05eSHA-256: 9454eb277a3670a20e31f24e06f9600330f965f005a6ee5a111b5d33ed3d5dae
libuser-debuginfo-0.60-7.el7_1.ppc64.rpm
    MD5: 8d00f6f1f37d455566142de22876d01aSHA-256: 7cfaa208eba7c9c14ca9f5eb602ab59f0b335342a957d02388077327e76d934a
libuser-devel-0.60-7.el7_1.ppc.rpm
    MD5: 3fdfcfcbf74e2e1559d556b064d8e353SHA-256: 9a5887c6c9c40504c6f1f148c637b0b8fb5bc22023de5129a1d4994c94aef30a
libuser-devel-0.60-7.el7_1.ppc64.rpm
    MD5: cc4e45fce3a224dae05ee4294e0ab4dbSHA-256: 3d04340404a18292d98e226c26210838cedb26e255ebb3adad28e16668b53a50
libuser-python-0.60-7.el7_1.ppc64.rpm
    MD5: 9d64f049176652dbbc947a4515d5d77eSHA-256: 4766c9af768e1a99fa88baa0d073d94bce4935e74c2083fb3cf0c2847ba01d51
 
s390x:
libuser-0.60-7.el7_1.s390.rpm
    MD5: 6e4e2b90ce10423220ed90d321416ac6SHA-256: 1b8b11400338fec54ac6c5225db6c3ae72434cf271840c882f5af280635f9540
libuser-0.60-7.el7_1.s390x.rpm
    MD5: 8064cfcd01d13398128bebd728ee1e04SHA-256: 7ae4071a0d62ba890303b760ab6b69895576d40554506fc74b115ea86b425d85
libuser-debuginfo-0.60-7.el7_1.s390.rpm
    MD5: d3fdfb4630f985b792af370b93564ae3SHA-256: c5a9396fb1f4285433319bacbf206fe058fb20c0265c357c4683530e24a8d93b
libuser-debuginfo-0.60-7.el7_1.s390x.rpm
    MD5: ced58cd67697edcae647801ad07e96edSHA-256: ca9c1930228ec2d27705ee3f04aa5697e82de82a152d763d0d12a5d9e4f6d4c9
libuser-devel-0.60-7.el7_1.s390.rpm
    MD5: 7749c860f36160355824267fe85625d1SHA-256: f48f37d62089c1a6bd9250f70f5ebdab762261cc4970d3ffe3865e0834a1889a
libuser-devel-0.60-7.el7_1.s390x.rpm
    MD5: 43aee7b0b1ce0f9ede71a43aee832778SHA-256: 92bc3d6cbfff6be55943104795a07b2fab519dbeb3e16d3f8ea57c1031e071d7
libuser-python-0.60-7.el7_1.s390x.rpm
    MD5: eb43ce8c01b5e9184c1056f358699179SHA-256: f0b36c5f8f79899767b1cf4c6b55c17ef66e77722620fe81de53b9225a91da90
 
x86_64:
libuser-0.60-7.el7_1.i686.rpm
    MD5: 0895af7d6cf3427985e49bc4f769e267SHA-256: 2b50a18a0ac3ca690e118525bd0792f98a3607a7b29f55e1eafa2663defceb90
libuser-0.60-7.el7_1.x86_64.rpm
    MD5: 095aec0a9860d55eda01226c414e8aa8SHA-256: d4db1a68cdead20fc22b26413848c64fdb800d3a047b44fe6ca852be91b4fc16
libuser-debuginfo-0.60-7.el7_1.i686.rpm
    MD5: 396dea68edd98c929b09dd31d7918fb6SHA-256: 6f1959a6d0817c487eb5fa8a9875dd2b531316d6beaa9d03cf29e42ccbc9a5b0
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
    MD5: c769ca93d7a54051827c2c391eb6f276SHA-256: 05a0a10c007f15eb8355d252f12f2658ee3789f3ab1c6173eed2f175960332b0
libuser-devel-0.60-7.el7_1.i686.rpm
    MD5: 5ab8b054bde535e48efaed2c38ed41e4SHA-256: 4157e8576fa091327669f4d8473a4b9140ed6a7c4d68d650fc27b86ffdd43366
libuser-devel-0.60-7.el7_1.x86_64.rpm
    MD5: 9d567130bb56fc7de0850171304032c5SHA-256: f2a97bfa0ce0759d376b2027497394fbb98694973c7f709e07da89d4e81ae427
libuser-python-0.60-7.el7_1.x86_64.rpm
    MD5: 4d120b85d351761161f741019799dad1SHA-256: d32f9a2673a79298db6e691e1d6cddbbf7837d3e446e6bd24c3ada317e6f06ef
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
libuser-0.60-7.el7_1.src.rpm
    MD5: b92f0efe6fd4878d0ad60b8c49617baaSHA-256: 706e9f955623e46961c11320674bd8f775d0b6f8507e284af882c0f2dc6210bb
 
x86_64:
libuser-0.60-7.el7_1.i686.rpm
    MD5: 0895af7d6cf3427985e49bc4f769e267SHA-256: 2b50a18a0ac3ca690e118525bd0792f98a3607a7b29f55e1eafa2663defceb90
libuser-0.60-7.el7_1.x86_64.rpm
    MD5: 095aec0a9860d55eda01226c414e8aa8SHA-256: d4db1a68cdead20fc22b26413848c64fdb800d3a047b44fe6ca852be91b4fc16
libuser-debuginfo-0.60-7.el7_1.i686.rpm
    MD5: 396dea68edd98c929b09dd31d7918fb6SHA-256: 6f1959a6d0817c487eb5fa8a9875dd2b531316d6beaa9d03cf29e42ccbc9a5b0
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
    MD5: c769ca93d7a54051827c2c391eb6f276SHA-256: 05a0a10c007f15eb8355d252f12f2658ee3789f3ab1c6173eed2f175960332b0
libuser-devel-0.60-7.el7_1.i686.rpm
    MD5: 5ab8b054bde535e48efaed2c38ed41e4SHA-256: 4157e8576fa091327669f4d8473a4b9140ed6a7c4d68d650fc27b86ffdd43366
libuser-devel-0.60-7.el7_1.x86_64.rpm
    MD5: 9d567130bb56fc7de0850171304032c5SHA-256: f2a97bfa0ce0759d376b2027497394fbb98694973c7f709e07da89d4e81ae427
libuser-python-0.60-7.el7_1.x86_64.rpm
    MD5: 4d120b85d351761161f741019799dad1SHA-256: d32f9a2673a79298db6e691e1d6cddbbf7837d3e446e6bd24c3ada317e6f06ef
 
(The unlinked packages above are only available from the Red Hat Network)
1233043 – CVE-2015-3245 libuser does not filter newline characters in the GECOS field1233052 – CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply