libuser: CVE-2012-5630 CVE-2012-5644

Bug #1210215 reported by Andreas Moog
This bug affects 1 person
Affects            Status         Importance   Assigned to   Milestone
libuser (Debian)   Fix Released   Unknown
libuser (Ubuntu)   Fix Released   High         Unassigned

Bug Description

Imported from Debian bug http://bugs.debian.org/705690:

Package: libuser
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for libuser.

CVE-2012-5630[0]:
TOCTOU race conditions by copying and removing directory trees

CVE-2012-5644[1]:
(Complete) Information disclosure when moving user's home directory

The patch, however, unfortunately looks quite substantial, see [2], so it
might be better to update for unstable directly to the new upstream
version.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-5630
[1] http://security-tracker.debian.org/tracker/CVE-2012-5644
[2] https://bugzilla.redhat.com/show_bug.cgi?id=885724#c7

Regards,
Salvatore

Andreas Moog (ampelbein)
Changed in libuser (Ubuntu):
status: New → Triaged
importance: Undecided → High
information type: Public → Public Security
Andreas Moog (ampelbein)
description: updated
Changed in libuser (Debian):
importance: Undecided → Unknown
Changed in libuser (Debian):
status: New → Fix Released
Mattia Rizzolo (mapreri) wrote :

In the meantime this has been fixed and synced.

Changed in libuser (Ubuntu):
status: Triaged → Fix Released