Package "shadow"

Name: shadow


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • subordinate id handling library -- shared library
  • subordinate id handling library -- shared library
  • system login tools
  • change and administer password and group data

Latest version: 1:4.11.1+dfsg1-2ubuntu1.1
Release: kinetic (22.10)
Level: updates
Repository: main


Other versions of "shadow" in Kinetic

Repository Area Version
base main 1:4.11.1+dfsg1-2ubuntu1
security main 1:4.11.1+dfsg1-2ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Version: 1:4.11.1+dfsg1-2ubuntu1.1 2022-11-28 16:06:28 UTC

  shadow (1:4.11.1+dfsg1-2ubuntu1.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: race condition when copying and removing directory trees
    - debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
    - debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
    - debian/patches/CVE-2013-4235-3.patch: require symlink support.
    - debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
    - debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
    - debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
    - debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
    - debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
    - debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
    - debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
    - CVE-2013-4235

 -- Camila Camargo de Matos <email address hidden> Wed, 23 Nov 2022 15:21:12 -0300

CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

About   -   Send Feedback to @ubuntu_updates