Package "login"

Name:	login
Description:	system login tools
Latest version:	1:4.8.1-1ubuntu5.20.04.5
Release:	focal (20.04)
Level:	updates
Repository:	main
Head package:	shadow
Homepage:	https://github.com/shadow-maint/shadow

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "login"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "login" in Focal

Repository	Area	Version
base	main	1:4.8.1-1ubuntu5
security	main	1:4.8.1-1ubuntu5.20.04.5

Changelog

Version: 1:4.8.1-1ubuntu5.20.04.5 2024-02-15 21:06:54 UTC

shadow (1:4.8.1-1ubuntu5.20.04.5) focal-security; urgency=medium * SECURITY UPDATE: unsanitized buffer leading to a password leak during gpasswd new password operation - debian/patches/CVE-2023-4641.patch: fix password leak in gpasswd. - CVE-2023-4641 -- Camila Camargo de Matos <email address hidden> Tue, 06 Feb 2024 09:49:54 -0300

Source diff to previous version

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt,

Version: 1:4.8.1-1ubuntu5.20.04.4 2022-11-29 18:06:25 UTC

shadow (1:4.8.1-1ubuntu5.20.04.4) focal-security; urgency=medium * SECURITY REGRESSION: useradd command does not copy all of /etc/skel (LP: #1998169) - debian/patches/CVE-2013-4235-pre1.patch: removed - debian/patches/CVE-2013-4235-pre2.patch: removed - debian/patches/CVE-2013-4235-1.patch: removed - debian/patches/CVE-2013-4235-2.patch: removed - debian/patches/CVE-2013-4235-3.patch: removed - debian/patches/CVE-2013-4235-4.patch: removed - debian/patches/CVE-2013-4235-5.patch: removed - debian/patches/CVE-2013-4235-6.patch: removed - debian/patches/CVE-2013-4235-7.patch: removed - debian/patches/CVE-2013-4235-post1.patch: removed - debian/patches/CVE-2013-4235-post2.patch: removed - debian/patches/CVE-2013-4235-post3.patch: removed -- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 08:53:10 -0300

Source diff to previous version

1998169	useradd command does not copy all of /etc/skel
CVE-2013-4235	shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Version: 1:4.8.1-1ubuntu5.20.04.3 2022-11-28 16:06:25 UTC

shadow (1:4.8.1-1ubuntu5.20.04.3) focal-security; urgency=medium * SECURITY UPDATE: race condition when copying and removing directory trees - debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens. - debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file type (set_selinux_file_context). - debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree(). - debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree(). - debian/patches/CVE-2013-4235-3.patch: require symlink support. - debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in copy_tree(). - debian/patches/CVE-2013-4235-5.patch: more robust file content copy in copy_tree(). - debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings. - debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree(). - debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod (copy_tree). - debian/patches/CVE-2013-4235-post2.patch: do not block on fifos (copy_tree). - debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions (copy_tree). - CVE-2013-4235 -- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:15:58 -0300

Source diff to previous version

CVE-2013-4235

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Version: 1:4.8.1-1ubuntu5.20.04.2 2022-05-18 04:06:21 UTC

shadow (1:4.8.1-1ubuntu5.20.04.2) focal; urgency=medium [ Michael Vogt ] * debian/patches/1010_extrausers.patch: Add automatic detection of "extrausers" for usermod -G (LP: #1959375) -- Alberto Mardegan <email address hidden> Mon, 14 Mar 2022 11:26:09 +0300

Source diff to previous version

1959375

[SRU] Please support group manipulation with \

Version: 1:4.8.1-1ubuntu5.20.04.1 2021-08-02 15:06:22 UTC

shadow (1:4.8.1-1ubuntu5.20.04.1) focal; urgency=medium * Disallow purely numeric usernames. This includes hexadecimal octal syntax. (LP: #1927078) -- William 'jawn-smith' Wilson <email address hidden> Wed, 14 Jul 2021 17:08:18 -0500

1927078

Don't allow useradd to use fully numeric names

About - Send Feedback to @ubuntu_updates

Package "login"

Links

Download "login"

Other versions of "login" in Focal

Changelog

Share this page

Bookmarks

Latest updates

updates

proposed

PPA updates