UbuntuUpdates.org

Package "shadow"

Name: shadow

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • system login tools
  • change and administer password and group data
  • programs to help use subuids
Latest version: 1:4.2-3.1ubuntu5.3
Release: xenial (16.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "shadow" in Xenial

Repository Area Version
base main 1:4.2-3.1ubuntu5
updates main 1:4.2-3.1ubuntu5.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.2-3.1ubuntu5.3 2017-05-17 02:06:44 UTC

  shadow (1:4.2-3.1ubuntu5.3) xenial-security; urgency=medium

  * REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
    If su received a signal like SIGTERM it wasn't propagated to the child.
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

 -- Seth Arnold <email address hidden> Mon, 15 May 2017 19:26:55 -0700
Source diff to previous version
CVE-2017-2616 Sending SIGKILL to other processes with root privileges via su

Version: 1:4.2-3.1ubuntu5.2 2017-05-05 06:07:02 UTC

  shadow (1:4.2-3.1ubuntu5.2) xenial-security; urgency=medium

  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - CVE-2017-2616
  * SECURITY UPDATE: getulong() function could accidentally parse negative
    numbers as large positive numbers.
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252

 -- Seth Arnold <email address hidden> Thu, 04 May 2017 01:00:19 -0700
CVE-2017-2616 Sending SIGKILL to other processes with root privileges via su
CVE-2016-6252 Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.


About   -   Send Feedback to @ubuntu_updates