MGASA-2015-0162

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0162.html

Import Source

https://advisories.mageia.org/MGASA-2015-0162.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0162

Published

2015-04-23T21:14:25Z

Modified

2026-04-16T04:28:11.414794Z

Summary

Updated setup packages fix security vulnerabilities

Details

Updated setup package fixes security issue

An issue has been identified in Mageia 4's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable (mga#14516).

This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities.

Note that this issue only affected new Mageia 4 installations. Systems that were updated from previous Mageia versions were not affected.

This update was already issued as MGASA-2015-0116, but the latter was withdrawn as it generated .rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such .rpmnew files are not kept after the update.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / setup

Package

Name: setup
Purl: pkg:rpm/mageia/setup?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.20-9.4.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0162.json"