Lucene search

K
almalinuxAlmaLinuxALSA-2023:6632
HistoryNov 07, 2023 - 12:00 a.m.

Low: shadow-utils security and bug fix update

2023-11-0700:00:00
errata.almalinux.org
11
shadow-utils
bug fix
password leak

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

10.3%

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.

Security Fix(es):

  • shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

10.3%