Package "shadow"
Name: |
shadow
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- system login tools
- change and administer password and group data
- programs to help use subuids
|
Latest version: |
1:4.5-1ubuntu2.5 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "shadow" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
shadow (1:4.5-1ubuntu2.5) bionic-security; urgency=medium
* SECURITY REGRESSION: useradd command does not copy all of /etc/skel
(LP: #1998169)
- debian/patches/CVE-2013-4235-pre1.patch: removed
- debian/patches/CVE-2013-4235-pre2.patch: removed
- debian/patches/CVE-2013-4235-1.patch: removed
- debian/patches/CVE-2013-4235-2.patch: removed
- debian/patches/CVE-2013-4235-3.patch: removed
- debian/patches/CVE-2013-4235-4.patch: removed
- debian/patches/CVE-2013-4235-5.patch: removed
- debian/patches/CVE-2013-4235-6.patch: removed
- debian/patches/CVE-2013-4235-7.patch: removed
- debian/patches/CVE-2013-4235-post1.patch: removed
- debian/patches/CVE-2013-4235-post2.patch: removed
- debian/patches/CVE-2013-4235-post3.patch: removed
-- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 09:25:19 -0300
|
Source diff to previous version |
1998169 |
useradd command does not copy all of /etc/skel |
CVE-2013-4235 |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
|
shadow (1:4.5-1ubuntu2.4) bionic-security; urgency=medium
* SECURITY UPDATE: race condition when copying and removing directory trees
- debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
- debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
type (set_selinux_file_context).
- debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
- debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
- debian/patches/CVE-2013-4235-3.patch: require symlink support.
- debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
copy_tree().
- debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
copy_tree().
- debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
- debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
- debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
(copy_tree).
- debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
(copy_tree).
- debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
(copy_tree).
- CVE-2013-4235
-- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:30:57 -0300
|
Source diff to previous version |
CVE-2013-4235 |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
|
shadow (1:4.5-1ubuntu2.3) bionic; urgency=medium
[ Michael Vogt ]
* debian/patches/1010_extrausers.patch:
Add automatic detection of "extrausers" for usermod -G
(LP: #1959375)
-- Alberto Mardegan <email address hidden> Mon, 14 Mar 2022 13:49:40 +0300
|
Source diff to previous version |
1959375 |
[SRU] Please support group manipulation with \ |
|
shadow (1:4.5-1ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Access to privileged information
- debian/patches/CVE-2018-7169.patch: newgidmap:
enforce setgroups=deny if self-mapping a group in
src/newgidmap.c.
- CVE-2018-7169
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 25 Jan 2022 13:26:21 -0300
|
Source diff to previous version |
CVE-2018-7169 |
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where s |
|
shadow (1:4.5-1ubuntu2) bionic; urgency=medium
* debian/patches/1013_extrausers_deluser.patch
- add --extrausers option to "userdel" (LP: #1659534)
* debian/patches/2000_fix-su-pam-env-handling.
- fix "su -l" to correctly use pam_getenvlist (LP: #984390)
-- Michael Vogt <email address hidden> Fri, 22 Mar 2019 20:05:38 +0100
|
1659534 |
userdel doesn't supports extrausers |
984390 |
$PATH is taken from login.defs not /etc/environment |
|
About
-
Send Feedback to @ubuntu_updates