RHEL 7 : setup (RHSA-2018:3249)
Medium Nessus Plugin ID 118538
SynopsisThe remote Red Hat host is missing a security update.
DescriptionAn update for setup is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.
The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.
Security Fix(es) :
* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
SolutionUpdate the affected setup package.