Security update for shadow SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1997-1 Final 1 1 2018-07-19T07:43:31Z current 2018-07-19T07:43:31Z 2018-07-19T07:43:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for shadow This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-OpenStack-Cloud-7-2018-1351,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1351,SUSE-SLE-DESKTOP-12-SP3-2018-1351,SUSE-SLE-SAP-12-SP2-2018-1351,SUSE-SLE-SERVER-12-SP2-2018-1351,SUSE-SLE-SERVER-12-SP3-2018-1351,SUSE-Storage-4-2018-1351 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181997-1/ Link for SUSE-SU-2018:1997-1 https://lists.suse.com/pipermail/sle-security-updates/2018-July/004291.html E-Mail link for SUSE-SU-2018:1997-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1099310 SUSE Bug 1099310 https://www.suse.com/security/cve/CVE-2016-6252/ SUSE CVE CVE-2016-6252 page SUSE Enterprise Storage 4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 7 shadow-4.2.1-27.9.1 shadow-4.2.1-27.9.1 as a component of SUSE Enterprise Storage 4 shadow-4.2.1-27.9.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 shadow-4.2.1-27.9.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS shadow-4.2.1-27.9.1 as a component of SUSE Linux Enterprise Server 12 SP3 shadow-4.2.1-27.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 shadow-4.2.1-27.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 shadow-4.2.1-27.9.1 as a component of SUSE OpenStack Cloud 7 Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. CVE-2016-6252 SUSE Enterprise Storage 4:shadow-4.2.1-27.9.1 SUSE Linux Enterprise Desktop 12 SP3:shadow-4.2.1-27.9.1 SUSE Linux Enterprise Server 12 SP2-LTSS:shadow-4.2.1-27.9.1 SUSE Linux Enterprise Server 12 SP3:shadow-4.2.1-27.9.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:shadow-4.2.1-27.9.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:shadow-4.2.1-27.9.1 SUSE OpenStack Cloud 7:shadow-4.2.1-27.9.1 important 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181997-1/ https://www.suse.com/security/cve/CVE-2016-6252.html CVE-2016-6252 https://bugzilla.suse.com/1099310 SUSE Bug 1099310 https://bugzilla.suse.com/979282 SUSE Bug 979282