Arch Linux Security Advisory ASA-201507-19 ========================================== Severity: Critical Date : 2015-07-24 CVE-ID : CVE-2015-3245 CVE-2015-3246 Package : libuser Type : multiple issues Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libuser before version 0.62-1 is vulnerable to privilege escalation and denial of service. Resolution ========== Upgrade to 0.62-1. # pacman -Syu "libuser>=0.62-1" The problems have been fixed upstream in version 0.62. Workaround ========== None. Description =========== - CVE-2015-3245 (denial of service) It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system. - CVE-2015-3246 (privilege escalation) A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root. Impact ====== A local authenticated user is able to use an application compiled against libuser to escalate privileges to root or perform a denial-of-service attack on the system by corrupting the /etc/passwd file. References ========== http://seclists.org/oss-sec/2015/q3/185 https://access.redhat.com/security/cve/CVE-2015-3245 https://access.redhat.com/security/cve/CVE-2015-3246