Description: SUSE has issued updates for pwdutils and shadow. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an error in the setuid "chfn" program in validating its arguments when changing the GECOS field. This can be exploited by malicious users to gain root privileges.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.