shadow 1:4.8.1-2ubuntu2.1 source package in Ubuntu
Changelog
shadow (1:4.8.1-2ubuntu2.1) jammy-security; urgency=medium
* SECURITY UPDATE: race condition when copying and removing directory trees
- debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
- debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
type (set_selinux_file_context).
- debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
- debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
- debian/patches/CVE-2013-4235-3.patch: require symlink support.
- debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
copy_tree().
- debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
copy_tree().
- debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
- debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
- debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
(copy_tree).
- debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
(copy_tree).
- debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
(copy_tree).
- CVE-2013-4235
-- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:05:18 -0300
Upload details
- Uploaded by:
- Camila Camargo de Matos
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | main | admin | |
| Jammy | security | main | admin |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| shadow_4.8.1.orig.tar.xz | 1.5 MiB | a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62 |
| shadow_4.8.1-2ubuntu2.1.debian.tar.xz | 94.2 KiB | 529d984d5516b5276519d43a7574a6ed0b30c81aa8e22bbdacdab6911997d6e7 |
| shadow_4.8.1-2ubuntu2.1.dsc | 2.0 KiB | 51fd0c6329b4e5a0751e2f09bb9ecd2c845277816709fc1bf89ae5611eb09345 |
Available diffs
Binary packages built by this source
- login: system login tools
This package provides some required infrastructure for logins and for
changing effective user or group IDs, including:
* login, the program that invokes a user shell on a virtual terminal;
* nologin, a dummy shell for disabled user accounts;
* su, a basic tool for executing commands as root or another user.
- login-dbgsym: debug symbols for login
- passwd: change and administer password and group data
This package includes passwd, chsh, chfn, and many other programs to
maintain password and group data.
.
Shadow passwords are supported. See /usr/share/doc/passwd/ README. Debian
- passwd-dbgsym: debug symbols for passwd
- uidmap: programs to help use subuids
These programs help unprivileged users to create uid and gid mappings in
user namespaces.
- uidmap-dbgsym: debug symbols for uidmap
