--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2253 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2253 2005-03-05 ---------------------------------------------------------------------
Name : shadow-utils Versions : rh7.3: shadow-utils-20000902-9.7.2.legacy Versions : rh9: shadow-utils-4.0.3-6.2.legacy Versions : fc1: shadow-utils-4.0.3-12.2.legacy Summary : Utilities for managing accounts and shadow password files. Description : The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts.
--------------------------------------------------------------------- Update Information:
Updated shadow-utils packages that fix a minor security issue are now available.
The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts.
Martin Schulze has reported a vulnerability in shadow-utils, which can be exploited by a local attacker to bypass certain security restrictions. This could lead to unauthorized modification of account information with an expired password. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1001 to this issue.
Users of shadow-utils are advised to upgrade to these errata packages, which contain a backported patch correcting this issue.
--------------------------------------------------------------------- Changelogs
rh73:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:20000902-9.7.2.legacy
- added missing gettext BuilPrereq
* Mon Dec 20 2004 Pekka Savola <pekkas@xxxxxxxxxx> 1:20000902-9.7.1.legacy - added patch to CAN-2004-1001 from Debian. (#2253)
rh9:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2:4.0.3-6.2.legacy
- added missing gettext to BuildPrereq
* Mon Dec 20 2004 Pekka Savola <pekkas@xxxxxxxxxx> 2:4.0.3-6.1.legacy - added patch to CAN-2004-1001 from Debian. (#2253)
fc1:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2:4.0.3-12.2.legacy
- added missing gettext BuildPrereq
* Mon Dec 20 2004 Pekka Savola <pekkas@xxxxxxxxxx> 2:4.0.3-12.1.legacy - added patch to CAN-2004-1001 from Debian. (#2253)
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
rh7.3:
47ccff4950fc8e8571c9a5edd2b1d23e653d3697 redhat/7.3/updates-testing/i386/shadow-utils-20000902-9.7.2.legacy.i386.rpm
1f7bb129dc2c1a68a0e50f284555bbfad869b53c redhat/7.3/updates-testing/SRPMS/shadow-utils-20000902-9.7.2.legacy.src.rpm
rh9:
eb87986f5946d96029a5e1f949c033910d1535f3 redhat/9/updates-testing/i386/shadow-utils-4.0.3-6.2.legacy.i386.rpm
c0fe9a828f848514978546eb1014f2b8a2c7d65f redhat/9/updates-testing/SRPMS/shadow-utils-4.0.3-6.2.legacy.src.rpm
fc1:
4adc8e194bd9d04adcf52596b92a07d2dd33fc91 fedora/1/updates-testing/i386/shadow-utils-4.0.3-12.2.legacy.i386.rpm
008ed1a1fec1020a435f9d95d0f61ebee59f17ae fedora/1/updates-testing/SRPMS/shadow-utils-4.0.3-12.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
