Accepted shadow 1:4.0.3-30.2ubuntu3 (source)
Martin Pitt
martin.pitt at canonical.com
Thu Nov 4 17:25:04 CST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 3 Nov 2004 09:50:07 +0100
Source: shadow
Binary: login passwd
Architecture: source
Version: 1:4.0.3-30.2ubuntu3
Distribution: hoary
Urgency: low
Maintainer: Karl Ramm <kcr at debian.org>
Changed-By: Martin Pitt <martin.pitt at canonical.com>
Description:
login - System login tools
passwd - Change and administer password and group data
Changes:
shadow (1:4.0.3-30.2ubuntu3) hoary; urgency=low
.
* SECURITY UPDATE: Fix input validation which allowed local users to bypass
certain security restrictions.
* libmisc/pwdcheck.c, passwd_check(): Always do "goto bailout" if
pam_chauthok() failed; previously, the result of pam_chkauthtok() was
ignored. This function is used by "chsh" and "chfn". This could be
exploited to do unauthorized modification of account properties.
* Thanks to Martin Schulze <joey at infodrom.org> for discovering this.
* References:
CAN-2004-1001
http://secunia.com/advisories/13028
Files:
05955af4d01516cb8b1fef3a32e3869b 762 base required shadow_4.0.3-30.2ubuntu3.dsc
e1330d57e10886deb134f7488f768a56 1042308 base required shadow_4.0.3-30.2ubuntu3.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBiJyKDecnbV4Fd/IRAqAjAJ0ULTBMz0/Ss8zCL535MirIhVfAxwCglXs/
SZKbGAv65ZfkEJJTQuCf/zA=
=TKE1
-----END PGP SIGNATURE-----
Accepted:
shadow_4.0.3-30.2ubuntu3.diff.gz
to pool/main/s/shadow/shadow_4.0.3-30.2ubuntu3.diff.gz
shadow_4.0.3-30.2ubuntu3.dsc
to pool/main/s/shadow/shadow_4.0.3-30.2ubuntu3.dsc
More information about the hoary-changes
mailing list