UbuntuUpdates.org

Package "shadow"

Name: shadow

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • system login tools
  • change and administer password and group data
  • programs to help use subuids

Latest version: 1:4.5-1ubuntu2.5
Release: bionic (18.04)
Level: updates
Repository: main


Other versions of "shadow" in Bionic

Repository Area Version
base main 1:4.5-1ubuntu1
security main 1:4.5-1ubuntu2.5


Changelog

Version: 1:4.5-1ubuntu2.5 2022-11-29 18:06:21 UTC

  shadow (1:4.5-1ubuntu2.5) bionic-security; urgency=medium

  * SECURITY REGRESSION: useradd command does not copy all of /etc/skel
    (LP: #1998169)
    - debian/patches/CVE-2013-4235-pre1.patch: removed
    - debian/patches/CVE-2013-4235-pre2.patch: removed
    - debian/patches/CVE-2013-4235-1.patch: removed
    - debian/patches/CVE-2013-4235-2.patch: removed
    - debian/patches/CVE-2013-4235-3.patch: removed
    - debian/patches/CVE-2013-4235-4.patch: removed
    - debian/patches/CVE-2013-4235-5.patch: removed
    - debian/patches/CVE-2013-4235-6.patch: removed
    - debian/patches/CVE-2013-4235-7.patch: removed
    - debian/patches/CVE-2013-4235-post1.patch: removed
    - debian/patches/CVE-2013-4235-post2.patch: removed
    - debian/patches/CVE-2013-4235-post3.patch: removed

 -- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 09:25:19 -0300

1998169 useradd command does not copy all of /etc/skel
CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Version: 1:4.5-1ubuntu2.4 2022-11-28 16:06:23 UTC

  shadow (1:4.5-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: race condition when copying and removing directory trees
    - debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
    - debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
      type (set_selinux_file_context).
    - debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
    - debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
    - debian/patches/CVE-2013-4235-3.patch: require symlink support.
    - debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
      copy_tree().
    - debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
      copy_tree().
    - debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
    - debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
    - debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
      (copy_tree).
    - debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
      (copy_tree).
    - debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
      (copy_tree).
    - CVE-2013-4235

 -- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:30:57 -0300

CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Version: 1:4.5-1ubuntu2.3 2022-06-29 06:06:26 UTC

  shadow (1:4.5-1ubuntu2.3) bionic; urgency=medium

  [ Michael Vogt ]
  * debian/patches/1010_extrausers.patch:
    Add automatic detection of "extrausers" for usermod -G
    (LP: #1959375)

 -- Alberto Mardegan <email address hidden> Mon, 14 Mar 2022 13:49:40 +0300

1959375 [SRU] Please support group manipulation with \

Version: 1:4.5-1ubuntu2.2 2022-01-27 18:07:08 UTC

  shadow (1:4.5-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Access to privileged information
    - debian/patches/CVE-2018-7169.patch: newgidmap:
      enforce setgroups=deny if self-mapping a group in
      src/newgidmap.c.
    - CVE-2018-7169

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 25 Jan 2022 13:26:21 -0300

CVE-2018-7169 An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where s

Version: 1:4.5-1ubuntu2 2019-04-25 11:06:21 UTC

  shadow (1:4.5-1ubuntu2) bionic; urgency=medium

  * debian/patches/1013_extrausers_deluser.patch
    - add --extrausers option to "userdel" (LP: #1659534)
  * debian/patches/2000_fix-su-pam-env-handling.
    - fix "su -l" to correctly use pam_getenvlist (LP: #984390)

 -- Michael Vogt <email address hidden> Fri, 22 Mar 2019 20:05:38 +0100

1659534 userdel doesn't supports extrausers
984390 $PATH is taken from login.defs not /etc/environment


