shadow-utils security and bug fix update

2:4.9-8 - gpasswd: fix password leak. Resolves: 2215948 2:4.9-7 - useradd: check if subid range exists for user. Resolves: 2179987 - findnewguid: Skip over IDs that are reserved for legacy reasons. Resolves: 2179988...

shadow-utils: possible password leak during passwd(1) change

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

Low: Red Hat Security Advisory: shadow-utils security and bug fix update

An update for shadow-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Low: shadow-utils security and bug fix update

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: possible password leak during passwd1 change CVE-2023-4641 For more details about the security...

ALSA-2023:6632 Low: shadow-utils security and bug fix update

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: possible password leak during passwd1 change CVE-2023-4641 For more details about the security...

RHEL 9 : shadow-utils (RHSA-2023:6632)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6632 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user a...

Low: shadow-utils

Issue Overview: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve t...

Amazon Linux AMI : shadow-utils (ALAS-2023-1873)

The version of shadow-utils installed on the remote host is prior to 4.1.4.2-13.11. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1873 advisory. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password...

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-3020)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2023-0294)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2023-0294 Updated shadow-utils packages fix a security vulnerability

The updated packages fix a security vulnerability: Potential password leak. CVE-2023-4641...

Updated shadow-utils packages fix a security vulnerability

The updated packages fix a security vulnerability: Potential password leak. CVE-2023-4641...

SUSE SLES15 Security Update : shadow (SUSE-SU-2023:4027-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4027-1 advisory. - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the secon...

SUSE SLES15 Security Update : shadow (SUSE-SU-2023:4025-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4025-1 advisory. - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the secon...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : shadow (SUSE-SU-2023:4024-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4024-1 advisory. - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice...

SUSE SLES12 Security Update : shadow (SUSE-SU-2023:4023-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4023-1 advisory. - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the secon...

Low: shadow-utils

Issue Overview: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve t...

Amazon Linux 2 : shadow-utils (ALAS-2023-2247)

The version of shadow-utils installed on the remote host is prior to 4.1.5.1-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2247 advisory. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fai...

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

CVE-2023-0634

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...