-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1940
                    Important: libuser security update
                               24 July 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libuser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-3246 CVE-2015-3245 

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2015-1482.html
   https://rhn.redhat.com/errata/RHSA-2015-1483.html

Comment: This bulletin contains two (2) Red Hat security advisories.
         
         This advisory references vulnerabilities in products which run on 
         platforms other than Red Hat. It is recommended that administrators
         running libuser check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libuser security update
Advisory ID:       RHSA-2015:1482-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1482.html
Issue date:        2015-07-23
CVE Names:         CVE-2015-3245 CVE-2015-3246 
=====================================================================

1. Summary:

Updated libuser packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which could
result in a denial of service or possibly allow the attacker to escalate
their privileges to root. (CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata 
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233043 - CVE-2015-3245 libuser does not filter newline characters in the GECOS field
1233052 - CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

i386:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-python-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

i386:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-python-0.56.13-8.el6_7.i686.rpm

ppc64:
libuser-0.56.13-8.el6_7.ppc.rpm
libuser-0.56.13-8.el6_7.ppc64.rpm
libuser-debuginfo-0.56.13-8.el6_7.ppc.rpm
libuser-debuginfo-0.56.13-8.el6_7.ppc64.rpm
libuser-python-0.56.13-8.el6_7.ppc64.rpm

s390x:
libuser-0.56.13-8.el6_7.s390.rpm
libuser-0.56.13-8.el6_7.s390x.rpm
libuser-debuginfo-0.56.13-8.el6_7.s390.rpm
libuser-debuginfo-0.56.13-8.el6_7.s390x.rpm
libuser-python-0.56.13-8.el6_7.s390x.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm

ppc64:
libuser-debuginfo-0.56.13-8.el6_7.ppc.rpm
libuser-debuginfo-0.56.13-8.el6_7.ppc64.rpm
libuser-devel-0.56.13-8.el6_7.ppc.rpm
libuser-devel-0.56.13-8.el6_7.ppc64.rpm

s390x:
libuser-debuginfo-0.56.13-8.el6_7.s390.rpm
libuser-debuginfo-0.56.13-8.el6_7.s390x.rpm
libuser-devel-0.56.13-8.el6_7.s390.rpm
libuser-devel-0.56.13-8.el6_7.s390x.rpm

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

i386:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-python-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3245
https://access.redhat.com/security/cve/CVE-2015-3246
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVsVKrXlSAg2UNWIIRAjpOAJ9DwfF87lCuvgBqDezv+SqnN/WNMgCdHRoE
rXyJf0kCR3YTxcOuV8FFzbE=
=W9F2
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libuser security update
Advisory ID:       RHSA-2015:1483-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1483.html
Issue date:        2015-07-23
CVE Names:         CVE-2015-3245 CVE-2015-3246 
=====================================================================

1. Summary:

Updated libuser packages that fix two security issues are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which could
result in a denial of service or possibly allow the attacker to escalate
their privileges to root. (CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata 
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233043 - CVE-2015-3245 libuser does not filter newline characters in the GECOS field
1233052 - CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libuser-0.60-7.el7_1.src.rpm

x86_64:
libuser-0.60-7.el7_1.i686.rpm
libuser-0.60-7.el7_1.x86_64.rpm
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-python-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-devel-0.60-7.el7_1.i686.rpm
libuser-devel-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libuser-0.60-7.el7_1.src.rpm

x86_64:
libuser-0.60-7.el7_1.i686.rpm
libuser-0.60-7.el7_1.x86_64.rpm
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-python-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-devel-0.60-7.el7_1.i686.rpm
libuser-devel-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libuser-0.60-7.el7_1.src.rpm

ppc64:
libuser-0.60-7.el7_1.ppc.rpm
libuser-0.60-7.el7_1.ppc64.rpm
libuser-debuginfo-0.60-7.el7_1.ppc.rpm
libuser-debuginfo-0.60-7.el7_1.ppc64.rpm
libuser-python-0.60-7.el7_1.ppc64.rpm

s390x:
libuser-0.60-7.el7_1.s390.rpm
libuser-0.60-7.el7_1.s390x.rpm
libuser-debuginfo-0.60-7.el7_1.s390.rpm
libuser-debuginfo-0.60-7.el7_1.s390x.rpm
libuser-python-0.60-7.el7_1.s390x.rpm

x86_64:
libuser-0.60-7.el7_1.i686.rpm
libuser-0.60-7.el7_1.x86_64.rpm
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-python-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libuser-0.60-7.ael7b_1.src.rpm

ppc64le:
libuser-0.60-7.ael7b_1.ppc64le.rpm
libuser-debuginfo-0.60-7.ael7b_1.ppc64le.rpm
libuser-python-0.60-7.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libuser-debuginfo-0.60-7.el7_1.ppc.rpm
libuser-debuginfo-0.60-7.el7_1.ppc64.rpm
libuser-devel-0.60-7.el7_1.ppc.rpm
libuser-devel-0.60-7.el7_1.ppc64.rpm

s390x:
libuser-debuginfo-0.60-7.el7_1.s390.rpm
libuser-debuginfo-0.60-7.el7_1.s390x.rpm
libuser-devel-0.60-7.el7_1.s390.rpm
libuser-devel-0.60-7.el7_1.s390x.rpm

x86_64:
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-devel-0.60-7.el7_1.i686.rpm
libuser-devel-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
libuser-debuginfo-0.60-7.ael7b_1.ppc64le.rpm
libuser-devel-0.60-7.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libuser-0.60-7.el7_1.src.rpm

x86_64:
libuser-0.60-7.el7_1.i686.rpm
libuser-0.60-7.el7_1.x86_64.rpm
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-python-0.60-7.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libuser-debuginfo-0.60-7.el7_1.i686.rpm
libuser-debuginfo-0.60-7.el7_1.x86_64.rpm
libuser-devel-0.60-7.el7_1.i686.rpm
libuser-devel-0.60-7.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3245
https://access.redhat.com/security/cve/CVE-2015-3246
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVsVK7XlSAg2UNWIIRAkWhAJwK0UBF7Q37z7j2hKsjYxwXvq+TaQCfWVvM
hq94ftcCu6cx0aYH6VYBv1A=
=CXDY
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVbF7sH6ZAP0PgtI9AQLJ0RAAkCuLKDURHX5eEzzA0rkdbRX1Os7Wi3xk
tMZoNI3GZqFedEuA+l4s1kYa1WzNFz4rC172sMbK4IoulRlqJChsbEE+SDPpHSdK
eJLLpp+vJ1kDV/V3ryKlvUgvTEDWCam7f4NFs0WbJ8haVCLm+QX4hzu5AYf7YR6P
9B7qidTsq42dVYGjPOZ0wBxHqTIz1gf22mgObf9ifUYXXccO9VZj5dEt822CBMaz
Fxovn6Ox5L6FjWCNXd3yexNac4JU1sAAi4DnYQFR2HlU1mkPAp9yWVUfyJqp4WvI
GWM5hDsdxCL6y6VX/ypmW2+O2UjiL74rg+83zny8mWkoyQ/Wb8IbnCIK1kOx77i/
uXXxfrnFbyfUW2t3DC2dEGlYmZqEhHUApXm5CKHChxHhfoCFxpcKDSjpAntEUq5F
B4vJpGVW4eS+r31zt5EevNourcdN0M3uuSJwW8AE/vMgba3gtja/nhMMwFYPBuWt
6pDg6YNWuFPuezwvPtrXWoBtp8Hr4eIcQyVKqNlqzuaProel4EBa8F2Vr9o1+xRt
UYGSeaw+NN8LQL07PL6ZKLh5AGUqAKYyS2YekbDUfs2LSxuWZHYN2l7Q2SSN78IF
GRJ0Vvz3IEc1KrK7xltFFsKdqt2270H2Wh4aXIqD37q8gN9XN8aSjFrUo4NujxxN
ZaldeLvVgnI=
=1g5o
-----END PGP SIGNATURE-----