CLSA-2021:1639682357

[CLSA-2022:1643637259] Fix CVE(s): CVE-2017-12424, CVE-2018-7169

Type:

security

Severity:

moderate

Release date:

2022-01-31 13:54:19 UTC

Description:

   * SECURITY UPDATE: Crash or buffer overflow
     - debian/patches/CVE-2017-12424.patch: fix buffer overflow if
       NULL line is present in db in lib/commonio.c.
     - CVE-2017-12424
   * SECURITY UPDATE: Access to privileged information
     - debian/patches/CVE-2018-7169.patch: newgidmap:
       enforce setgroups=deny if self-mapping a group in
       src/newgidmap.c.
     - CVE-2018-7169

Updated packages:

login_4.2-3.1ubuntu5.5+tuxcare.els1_amd64.deb
sha:8c44dd85d367208b7f9520a61596f757fe809df0
passwd_4.2-3.1ubuntu5.5+tuxcare.els1_amd64.deb
sha:959990fd2bf6e0624a0ed3720549a071dc976736
uidmap_4.2-3.1ubuntu5.5+tuxcare.els1_amd64.deb
sha:b27900939a0a0c8fee24370c34aafa37b694b995

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.