USN-5745-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-5745-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5745-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5745-2
Published
2022-11-29T17:23:51.622237Z
Modified
2022-11-29T17:23:51.622237Z
Summary
shadow regression
Details

USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization.

References

Affected packages

Ubuntu:20.04:LTS / shadow

Package

Name
shadow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.8.1-1ubuntu5.20.04.4

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "login": "1:4.8.1-1ubuntu5.20.04.4",
            "uidmap": "1:4.8.1-1ubuntu5.20.04.4",
            "passwd": "1:4.8.1-1ubuntu5.20.04.4"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / shadow

Package

Name
shadow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.1.5.1-1ubuntu9.5+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "login": "1:4.1.5.1-1ubuntu9.5+esm3",
            "uidmap": "1:4.1.5.1-1ubuntu9.5+esm3",
            "passwd": "1:4.1.5.1-1ubuntu9.5+esm3"
        }
    ]
}

Ubuntu:18.04:LTS / shadow

Package

Name
shadow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.5-1ubuntu2.5

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "login": "1:4.5-1ubuntu2.5",
            "uidmap": "1:4.5-1ubuntu2.5",
            "passwd": "1:4.5-1ubuntu2.5"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / shadow

Package

Name
shadow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.2-3.1ubuntu5.5+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "login": "1:4.2-3.1ubuntu5.5+esm3",
            "uidmap": "1:4.2-3.1ubuntu5.5+esm3",
            "passwd": "1:4.2-3.1ubuntu5.5+esm3"
        }
    ]
}