UbuntuUpdates.org

Package "passwd"

Name: passwd

Description:

change and administer password and group data
Latest version: 1:4.8.1-2ubuntu2.2
Release: jammy (22.04)
Level: updates
Repository: main
Head package: shadow
Homepage: https://github.com/shadow-maint/shadow

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "passwd"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "passwd" in Jammy

Repository Area Version
base main 1:4.8.1-2ubuntu2
security main 1:4.8.1-2ubuntu2.2

Changelog

Version: 1:4.8.1-2ubuntu2.2 2024-02-15 21:06:56 UTC

  shadow (1:4.8.1-2ubuntu2.2) jammy-security; urgency=medium

  * SECURITY UPDATE: unsanitized buffer leading to a password leak during
    gpasswd new password operation
    - debian/patches/CVE-2023-4641.patch: fix password leak in gpasswd.
    - CVE-2023-4641

 -- Camila Camargo de Matos <email address hidden> Tue, 06 Feb 2024 09:54:23 -0300
Source diff to previous version
CVE-2023-4641 A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt,

Version: 1:4.8.1-2ubuntu2.1 2022-11-28 16:06:27 UTC

  shadow (1:4.8.1-2ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: race condition when copying and removing directory trees
    - debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
    - debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
      type (set_selinux_file_context).
    - debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
    - debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
    - debian/patches/CVE-2013-4235-3.patch: require symlink support.
    - debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
      copy_tree().
    - debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
      copy_tree().
    - debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
    - debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
    - debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
      (copy_tree).
    - debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
      (copy_tree).
    - debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
      (copy_tree).
    - CVE-2013-4235

 -- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:05:18 -0300
CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees


About   -   Send Feedback to @ubuntu_updates