A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors.
|Package||sys-apps/shadow on all architectures|
|Affected versions||< 4.5|
|Unaffected versions||>= 4.5|
Shadow is a set of tools to deal with user accounts.
Malformed input in the newusers tool may produce crashes and other unspecified behaviors.
A remote attacker could possibly cause a Denial of Service condition or bypass privilege boundaries in some web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
There is no known workaround at this time.
All Shadow users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.5"
October 15, 2017
October 15, 2017: 1