CLSA-2024-1719246768 shadow-utils: Fix of CVE-2023-4641

CVE-2023-4641: fix buffer cleaning issue when password fails on second attempt...

EulerOS 2.0 SP11 : shadow (EulerOS-SA-2023-3043)

According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second...

Amazon Linux 2023 : shadow-utils, shadow-utils-subid, shadow-utils-subid-devel (ALAS2023-2023-450)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-450 advisory. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to sto...

The vulnerability of the data modem in the microprogramming software of Qualcomm-internal chips allows a perpetrator to cause a service failure.

The vulnerability of the data modem component of Qualcomm’s embedded software is related to incorrect cleaning of the TLB buffer during message processing. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Oracle Linux 9 : shadow-utils (ELSA-2023-6632)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6632 advisory. 2:4.9-8 - gpasswd: fix password leak. Resolves: 2215948 2:4.9-7 - useradd: check if subid range exists for user. Resolves: 2179987 - findnewguid: Skip over IDs...

shadow-utils: possible password leak during passwd(1) change

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

RHEL 9 : shadow-utils (RHSA-2023:6632)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6632 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user a...

Low: shadow-utils

Issue Overview: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve t...

Amazon Linux 2 : shadow-utils (ALAS-2023-2247)

The version of shadow-utils installed on the remote host is prior to 4.1.5.1-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2247 advisory. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fai...