Security update for shadow
This update for shadow fixes several issues.
This security issue was fixed:
- CVE-2017-12424: The newusers tool could have been forced to manipulate
internal data structures in ways unintended by the authors. Malformed input may
have lead to crashes (with a buffer overflow or other memory corruption) or
other unspecified behaviors (bsc#1052261).
These non-security issues were fixed:
- bsc#1023895: Fixed man page to not contain invalid options and also prevent
warnings when using these options in certain settings
- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Michael Vetter (jubalh)
Fixed bugs
bnc#1023895
man page for login.defs in shadow-4.2.1-23.1 RPM contains invalid options
bnc#1052261
VUL-0: CVE-2017-12424: shadow: In shadow before 4.5, the newusers tool could be made to manipulate internaldata structures in ways unintended by the authors. Malformed input may lead tocrashes (with a buffer overflow or other memory corru
bnc#980486
useradd: reset tallylog, too
