(RHSA-2024:2577) Low: shadow-utils security update

2024-04-3014:00:10

access.redhat.com

rhsa-2024

shadow-utils

password leak

cve-2023-4641

unix

password files

user accounts

group accounts

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

The shadow-utils packages include programs for converting UNIX password files to
the shadow password format, as well as utilities for managing user and group
accounts.

Security Fix(es):

shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64leshadow-utils-subid-debuginfo< 4.6-17.el8_8.2shadow-utils-subid-debuginfo-4.6-17.el8_8.2.ppc64le.rpm
RedHat8ppc64leshadow-utils-debuginfo< 4.6-17.el8_8.2shadow-utils-debuginfo-4.6-17.el8_8.2.ppc64le.rpm
RedHat8s390xshadow-utils-debuginfo< 4.6-17.el8_8.2shadow-utils-debuginfo-4.6-17.el8_8.2.s390x.rpm
RedHat8s390xshadow-utils-debugsource< 4.6-17.el8_8.2shadow-utils-debugsource-4.6-17.el8_8.2.s390x.rpm
RedHat8aarch64shadow-utils< 4.6-17.el8_8.2shadow-utils-4.6-17.el8_8.2.aarch64.rpm
RedHat8i686shadow-utils-debugsource< 4.6-17.el8_8.2shadow-utils-debugsource-4.6-17.el8_8.2.i686.rpm
RedHat8aarch64shadow-utils-subid< 4.6-17.el8_8.2shadow-utils-subid-4.6-17.el8_8.2.aarch64.rpm
RedHat8s390xshadow-utils-subid-devel< 4.6-17.el8_8.2shadow-utils-subid-devel-4.6-17.el8_8.2.s390x.rpm
RedHat8s390xshadow-utils< 4.6-17.el8_8.2shadow-utils-4.6-17.el8_8.2.s390x.rpm
RedHat8i686shadow-utils-debuginfo< 4.6-17.el8_8.2shadow-utils-debuginfo-4.6-17.el8_8.2.i686.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	shadow-utils-subid-debuginfo	< 4.6-17.el8_8.2	shadow-utils-subid-debuginfo-4.6-17.el8_8.2.ppc64le.rpm
RedHat	8	ppc64le	shadow-utils-debuginfo	< 4.6-17.el8_8.2	shadow-utils-debuginfo-4.6-17.el8_8.2.ppc64le.rpm
RedHat	8	s390x	shadow-utils-debuginfo	< 4.6-17.el8_8.2	shadow-utils-debuginfo-4.6-17.el8_8.2.s390x.rpm
RedHat	8	s390x	shadow-utils-debugsource	< 4.6-17.el8_8.2	shadow-utils-debugsource-4.6-17.el8_8.2.s390x.rpm
RedHat	8	aarch64	shadow-utils	< 4.6-17.el8_8.2	shadow-utils-4.6-17.el8_8.2.aarch64.rpm
RedHat	8	i686	shadow-utils-debugsource	< 4.6-17.el8_8.2	shadow-utils-debugsource-4.6-17.el8_8.2.i686.rpm
RedHat	8	aarch64	shadow-utils-subid	< 4.6-17.el8_8.2	shadow-utils-subid-4.6-17.el8_8.2.aarch64.rpm
RedHat	8	s390x	shadow-utils-subid-devel	< 4.6-17.el8_8.2	shadow-utils-subid-devel-4.6-17.el8_8.2.s390x.rpm
RedHat	8	s390x	shadow-utils	< 4.6-17.el8_8.2	shadow-utils-4.6-17.el8_8.2.s390x.rpm
RedHat	8	i686	shadow-utils-debuginfo	< 4.6-17.el8_8.2	shadow-utils-debuginfo-4.6-17.el8_8.2.i686.rpm