Information on source package shadow

Available versions

| Release | Version |
|---|---|
| wheezy | 1:4.1.5.1-1 |
| wheezy (security) | 1:4.1.5.1-1+deb7u1 |
| jessie (security) | 1:4.2-3+deb8u4 |
| stretch | 1:4.4-4.1 |
| buster | 1:4.5-1 |
| sid | 1:4.5-1 |

Open issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-12424 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In shadow before 4.5, the newusers tool could be made to manipulate ... |

Open unimportant issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| TEMP-0628843-DBAD28 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | more related to CVE-2005-4890 |
| CVE-2013-4235 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | TOCTOU race conditions by copying and removing directory trees |
| CVE-2007-5686 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | initscripts in rPath Linux 1 sets insecure permissions for the ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0000000-6F6CD4 | Insecure mailbox generation in passwd's useradd |
| CVE-2017-2616 | Sending SIGKILL to other processes with root privileges via su |
| CVE-2016-6252 | Integer overflow in shadow 4.2.1 allows local users to gain privileges ... |
| CVE-2011-0721 | Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in ... |
| CVE-2008-5394 | /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ... |
| CVE-2006-3597 | passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ... |
| CVE-2006-3378 | passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ... |
| CVE-2006-1844 | The Debian installer for the (1) shadow 4.0.14 and (2) base-config ... |
| CVE-2006-1376 | The installation of Debian GNU/Linux 3.1r1 from the network install CD ... |
| CVE-2006-1183 | The Ubuntu 5.10 installer does not properly clear passwords from the ... |
| CVE-2006-1174 | useradd in shadow-utils before 4.0.3, and possibly other versions ... |
| CVE-2005-4890 | login: tty hijacking possible in "su" via TIOCSTI ioctl |
| CVE-2004-1001 | Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ... |
| CVE-2002-1594 | Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-3793-2 | shadow - regression update |
| DLA-838-1 | shadow - security update |
| DSA-3793-1 | shadow - security update |
| DSA-2164-1 | shadow - missing input sanitization |
| DSA-1709-1 | shadow - privilege escalation |
| DSA-1150-1 | shadow - programming error |
| DSA-585-1 | shadow - programming error |
