Login-Name Passwort


Sicherheit: Pufferüberlauf in cracklib
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in cracklib
ID: FEDORA-2016-bfa785e39e
Distribution: Fedora
Plattformen: Fedora 25
Datum: So, 11. Dezember 2016, 21:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318


Name        : cracklib
Product : Fedora 25
Version : 2.9.6
Release : 4.fc25
URL : http://sourceforge.net/projects/cracklib/
Summary : A password-checking library
Description :
CrackLib tests passwords to determine whether they match certain
security-oriented characteristics, with the purpose of stopping users
from choosing passwords that are easy to guess. CrackLib performs
several tests on passwords: it tries to generate words from a username
and gecos entry and checks those words against the password; it checks
for simplistic patterns in passwords; and it checks for the password
in a dictionary.

CrackLib is actually a library containing a particular C function
which is used to check the password, as well as other C
functions. CrackLib is not a replacement for a passwd program; it must
be used in conjunction with an existing passwd program.

Install the cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure. If you install
CrackLib, you will also want to install the cracklib-dicts package.

Update Information:

Security fix for CVE-2016-6318

[ 1 ] Bug #1364944 - CVE-2016-6318 cracklib: Stack-based buffer overflow when
parsing large GECOS field

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade cracklib' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten