Package "passwd"
Name: |
passwd
|
Description: |
change and administer password and group data
|
Latest version: |
1:4.8.1-1ubuntu5.20.04.5 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
main |
Head package: |
shadow |
Homepage: |
https://github.com/shadow-maint/shadow |
Links
Download "passwd"
Other versions of "passwd" in Focal
Changelog
shadow (1:4.8.1-1ubuntu5.20.04.4) focal-security; urgency=medium
* SECURITY REGRESSION: useradd command does not copy all of /etc/skel
(LP: #1998169)
- debian/patches/CVE-2013-4235-pre1.patch: removed
- debian/patches/CVE-2013-4235-pre2.patch: removed
- debian/patches/CVE-2013-4235-1.patch: removed
- debian/patches/CVE-2013-4235-2.patch: removed
- debian/patches/CVE-2013-4235-3.patch: removed
- debian/patches/CVE-2013-4235-4.patch: removed
- debian/patches/CVE-2013-4235-5.patch: removed
- debian/patches/CVE-2013-4235-6.patch: removed
- debian/patches/CVE-2013-4235-7.patch: removed
- debian/patches/CVE-2013-4235-post1.patch: removed
- debian/patches/CVE-2013-4235-post2.patch: removed
- debian/patches/CVE-2013-4235-post3.patch: removed
-- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 08:53:10 -0300
|
Source diff to previous version |
1998169 |
useradd command does not copy all of /etc/skel |
CVE-2013-4235 |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
|
shadow (1:4.8.1-1ubuntu5.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: race condition when copying and removing directory trees
- debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
- debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
type (set_selinux_file_context).
- debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
- debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
- debian/patches/CVE-2013-4235-3.patch: require symlink support.
- debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
copy_tree().
- debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
copy_tree().
- debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
- debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
- debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
(copy_tree).
- debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
(copy_tree).
- debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
(copy_tree).
- CVE-2013-4235
-- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:15:58 -0300
|
CVE-2013-4235 |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
|
About
-
Send Feedback to @ubuntu_updates