UbuntuUpdates.org

Package "shadow"

Name: shadow

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • programs to help use subuids
Latest version: 1:4.8.1-1ubuntu5.20.04.5
Release: focal (20.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "shadow" in Focal

Repository Area Version
base main 1:4.8.1-1ubuntu5
base universe 1:4.8.1-1ubuntu5
security main 1:4.8.1-1ubuntu5.20.04.5
updates universe 1:4.8.1-1ubuntu5.20.04.5
updates main 1:4.8.1-1ubuntu5.20.04.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.8.1-1ubuntu5.20.04.5 2024-02-15 20:07:14 UTC
No changelog available yet.
Source diff to previous version

Version: 1:4.8.1-1ubuntu5.20.04.4 2022-11-29 17:06:29 UTC

  shadow (1:4.8.1-1ubuntu5.20.04.4) focal-security; urgency=medium

  * SECURITY REGRESSION: useradd command does not copy all of /etc/skel
    (LP: #1998169)
    - debian/patches/CVE-2013-4235-pre1.patch: removed
    - debian/patches/CVE-2013-4235-pre2.patch: removed
    - debian/patches/CVE-2013-4235-1.patch: removed
    - debian/patches/CVE-2013-4235-2.patch: removed
    - debian/patches/CVE-2013-4235-3.patch: removed
    - debian/patches/CVE-2013-4235-4.patch: removed
    - debian/patches/CVE-2013-4235-5.patch: removed
    - debian/patches/CVE-2013-4235-6.patch: removed
    - debian/patches/CVE-2013-4235-7.patch: removed
    - debian/patches/CVE-2013-4235-post1.patch: removed
    - debian/patches/CVE-2013-4235-post2.patch: removed
    - debian/patches/CVE-2013-4235-post3.patch: removed

 -- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 08:53:10 -0300
Source diff to previous version
1998169 useradd command does not copy all of /etc/skel
CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Version: 1:4.8.1-1ubuntu5.20.04.3 2022-11-28 15:07:57 UTC

  shadow (1:4.8.1-1ubuntu5.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: race condition when copying and removing directory trees
    - debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
    - debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
      type (set_selinux_file_context).
    - debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
    - debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
    - debian/patches/CVE-2013-4235-3.patch: require symlink support.
    - debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
      copy_tree().
    - debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
      copy_tree().
    - debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
    - debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
    - debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
      (copy_tree).
    - debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
      (copy_tree).
    - debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
      (copy_tree).
    - CVE-2013-4235

 -- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:15:58 -0300
CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees


About   -   Send Feedback to @ubuntu_updates