Fedora Legacy Test Update Notification: shadow-utils

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Mar 5 18:11:54 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2253
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2253
2005-03-05
---------------------------------------------------------------------

Name        : shadow-utils
Versions    : rh7.3: shadow-utils-20000902-9.7.2.legacy
Versions    : rh9: shadow-utils-4.0.3-6.2.legacy
Versions    : fc1: shadow-utils-4.0.3-12.2.legacy
Summary     : Utilities for managing accounts and shadow password files.
Description :
The shadow-utils package includes the necessary programs for
converting UNIX password files to the shadow password format, plus
programs for managing user and group accounts. The pwconv command
converts passwords to the shadow password format. The pwunconv command
unconverts shadow passwords and generates an npasswd file (a standard
UNIX password file). The pwck command checks the integrity of password
and shadow files. The lastlog command prints out the last login times
for all users. The useradd, userdel, and usermod commands are used for
managing user accounts. The groupadd, groupdel, and groupmod commands
are used for managing group accounts.

---------------------------------------------------------------------
Update Information:

Updated shadow-utils packages that fix a minor security issue are now
available.

The shadow-utils package includes the necessary programs for converting
UNIX password files to the shadow password format, plus programs for
managing user and group accounts.

Martin Schulze has reported a vulnerability in shadow-utils, which can
be exploited by a local attacker to bypass certain security
restrictions. This could lead to unauthorized modification of account
information with an expired password. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1001
to this issue.

Users of shadow-utils are advised to upgrade to these errata packages,
which contain a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1:20000902-9.7.2.legacy
- added missing gettext BuilPrereq

* Mon Dec 20 2004 Pekka Savola <pekkas at netcore.fi> 1:20000902-9.7.1.legacy
- added patch to CAN-2004-1001 from Debian. (#2253)

rh9:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
2:4.0.3-6.2.legacy
- added missing gettext to BuildPrereq

* Mon Dec 20 2004 Pekka Savola <pekkas at netcore.fi> 2:4.0.3-6.1.legacy
- added patch to CAN-2004-1001 from Debian. (#2253)

fc1:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
2:4.0.3-12.2.legacy
- added missing gettext BuildPrereq

* Mon Dec 20 2004 Pekka Savola <pekkas at netcore.fi> 2:4.0.3-12.1.legacy
- added patch to CAN-2004-1001 from Debian. (#2253)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
47ccff4950fc8e8571c9a5edd2b1d23e653d3697 
redhat/7.3/updates-testing/i386/shadow-utils-20000902-9.7.2.legacy.i386.rpm
1f7bb129dc2c1a68a0e50f284555bbfad869b53c 
redhat/7.3/updates-testing/SRPMS/shadow-utils-20000902-9.7.2.legacy.src.rpm

rh9:
eb87986f5946d96029a5e1f949c033910d1535f3 
redhat/9/updates-testing/i386/shadow-utils-4.0.3-6.2.legacy.i386.rpm
c0fe9a828f848514978546eb1014f2b8a2c7d65f 
redhat/9/updates-testing/SRPMS/shadow-utils-4.0.3-6.2.legacy.src.rpm

fc1:
4adc8e194bd9d04adcf52596b92a07d2dd33fc91 
fedora/1/updates-testing/i386/shadow-utils-4.0.3-12.2.legacy.i386.rpm
008ed1a1fec1020a435f9d95d0f61ebee59f17ae 
fedora/1/updates-testing/SRPMS/shadow-utils-4.0.3-12.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050305/d70d2880/attachment.sig>


More information about the fedora-legacy-list mailing list