Overview

File _patchinfo of Package patchinfo.5585

<patchinfo incident="5585">
  <issue id="1023895" tracker="bnc">man page for login.defs in shadow-4.2.1-23.1 RPM contains invalid options</issue>
  <issue id="1052261" tracker="bnc">VUL-0: CVE-2017-12424: shadow: In shadow before 4.5, the newusers tool could be made to manipulate internaldata structures in ways unintended by the authors. Malformed input may lead tocrashes (with a buffer overflow or other memory corru</issue>
  <issue id="980486" tracker="bnc">useradd: reset tallylog, too</issue>
  <issue id="2017-12424" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mvetter</packager>
  <description>This update for shadow fixes several issues.

This security issue was fixed:

- CVE-2017-12424: The newusers tool could have been forced to manipulate
  internal data structures in ways unintended by the authors. Malformed input may
  have lead to crashes (with a buffer overflow or other memory corruption) or
  other unspecified behaviors (bsc#1052261).

These non-security issues were fixed:

- bsc#1023895: Fixed man page to not contain invalid options and also prevent
  warnings when using these options in certain settings
- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2
</description>
  <summary>Security update for shadow</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places