Ubuntu
shadow package

shadow 1:4.5-1ubuntu2.4 source package in Ubuntu

Changelog

shadow (1:4.5-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: race condition when copying and removing directory trees
    - debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
    - debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
      type (set_selinux_file_context).
    - debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
    - debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
    - debian/patches/CVE-2013-4235-3.patch: require symlink support.
    - debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
      copy_tree().
    - debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
      copy_tree().
    - debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
    - debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
    - debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
      (copy_tree).
    - debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
      (copy_tree).
    - debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
      (copy_tree).
    - CVE-2013-4235

 -- Camila Camargo de Matos <email address hidden>  Thu, 24 Nov 2022 09:30:57 -0300

Upload details

Uploaded by:
Camila Camargo de Matos
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
shadow_4.5.orig.tar.xz 1.3 MiB 22b0952dc944b163e2370bb911b11ca275fc80ad024267cf21e496b28c23d500
shadow_4.5-1ubuntu2.4.debian.tar.xz 472.1 KiB 67f279f6d4367e229f2a419bc2045b1056f16ae3452c54ba19335ce3219eb850
shadow_4.5-1ubuntu2.4.dsc 2.1 KiB f917936460bd533fda24cc8e8427dc727b1d4a9246d964d0b7ae84651dde79f7

View changes file

Binary packages built by this source

login: system login tools

 These tools are required to be able to login and use your system. The
 login program invokes your user shell and enables command execution. The
 newgrp program is used to change your effective group ID (useful for
 workgroup type situations). The su program allows changing your effective
 user ID (useful being able to execute commands as another user).

login-dbgsym: debug symbols for login
passwd: change and administer password and group data

 This package includes passwd, chsh, chfn, and many other programs to
 maintain password and group data.
 .
 Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian

passwd-dbgsym: debug symbols for passwd
uidmap: programs to help use subuids

 These programs help unprivileged users to create uid and gid mappings in
 user namespaces.

uidmap-dbgsym: debug symbols for uidmap