cucumber-linux-security

[Cucumber-linux-security] shadow (security update is available)

[Z5T1 <z5...@z5...>]

  Update Information

A security update is available for shadow for the following versions of
Cucumber Linux:

  * 1.0

Here are the details from the Cucumber 1.0 changelog:

+----------------+
Fri Aug 4 09:50:08 EDT 2017
base/shadow rebuilt (build 3) to fix CVE-2017-12424, a buffer overflow vulnera-
	bility that could result in crashes and other unspecified impacts,
	possibly including privilege escalation. For more information see:
		https://nvd.nist.gov/vuln/detail/CVE-2017-12424
		https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure shadow is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/base/shadow-4.2.1-i686-3.txz

Cucumber 1.0 x86_64:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/base/shadow-4.2.1-x86_64-3.txz

To upgrade the package manually, download the new package and run the
following command (as root):

# upgradepkg shadow-4.2.1-i686-3.txz


------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php

[Cucumber-linux-security] shadow (security update is available)

[Z5T1 <z5...@z5...>]

  Update Information

A security update is available for shadow for the following versions of
Cucumber Linux:

  * 1.0
  * 1.1 Alpha

Here are the details from the Cucumber 1.0 changelog:

+----------------+
Wed Nov 1 12:45:57 EDT 2017
base/shadow rebuilt (build 4) to fix CLD-121, a vulnerability in which the
	/etc/shadow file was world readable. For more information see:
		http://security.cucumberlinux.com/security/details.php?id=121
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:

  * CLD-121 (http://security.cucumberlinux.com/security/details.php?id=121)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure shadow is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

[Cucumber-linux-security] shadow (security update is available)

[Scott C. <sc...@cu...>]

  Update Information

A security update is available for shadow for the following versions of
Cucumber Linux:

  * 1.0
  * 1.1 Beta

Here are the details from the Cucumber 1.0 changelog:

+----------------+
Sun Feb 18 11:55:09 EST 2018
base/shadow rebuilt (build 5) to fix CVE-2018-7169, a security vulnerability   
	that could allow for an unprivileged user to drop supplemental groups
	using the newuidmap and newgidmap commands. This effectively allows for
	circumventing group blacklisting. For more information see:
		http://security.cucumberlinux.com/security/details.php?id=298
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
		https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
* SECURITY FIX *
+----------------+

Here are the details from the Cucumber 1.1 Beta changelog:

+----------------+
Sun Feb 18 11:51:23 EST 2018
base/shadow rebuilt (build 6) to fix CVE-2018-7169, a security vulnerability
	that could allow for an unprivileged user to drop supplemental groups
	using the newuidmap and newgidmap commands. This effectively allows for
	circumventing group blacklisting. For more information see:
		http://security.cucumberlinux.com/security/details.php?id=298
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
		https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:

  * CLD-298 [CVE-2018-7169]
    (http://security.cucumberlinux.com/security/details.php?id=298)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure shadow is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
http://www.cucumberlinux.com/security.php

[Cucumber-linux-security] shadow (security update is available)

[Scott C. <sc...@cu...>]

  Update Information

A security update is available for shadow for the following versions of
Cucumber Linux:

  * 1.0
  * 1.1

Here are the details from the Cucumber 1.1 changelog:

+----------------+
Fri Aug 17 09:51:59 EDT 2018
base/shadow rebuilt (build 7) to fix CVE-2016-6252, a security vulnerability
	that allowed for a local escalation of privileges via a specially
	crafted to newuidmap. For more information see:
		https://security.cucumberlinux.com/security/details.php?id=484
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
		http://www.openwall.com/lists/oss-security/2016/07/19/6
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency
(CLD) and CVE numbers:

  * CLD-484 [CVE-2016-6252]
    (https://security.cucumberlinux.com/security/details.php?id=484)

More information about these CLDs can be found at their respective pages
on the Cucumber Linux Security Advisory Tracker (these are the URLs in
parenthesis above).

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure shadow is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
on the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
<mailto:cuc...@li...>
https://www.cucumberlinux.com/security.php