- Issued:
- 2007-11-15
- Updated:
- 2007-11-15
RHBA-2007:0832 - Bug Fix Advisory
Synopsis
shadow-utils bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated shadow-utils packages that fix various bugs are now
available.
Description
The shadow-utils package includes the necessary programs for converting
UNIX password files to the shadow password format, plus programs for
managing user and group accounts.
These updated packages fix the following issues:
- in previous shadow-utils packages /var/log/faillog was created as a huge,
sparse file. Utilities trying to read this file could cause a system hang.
- userdel and usermod caused infinite loops when duplicate names existed in
/etc/group or /etc/shadow. These infinite loops leaked memory and could
eventually crash the machine with out-of-memory errors.
- if the shadow password suite configuration file -- /etc/login.defs -- was
modified, shadow-utils version 4.0.3-61 would not install unless forced
using the "update -f" command. Using this option, however, would cause the
extant /etc/login.defs file to be renamed to /etc/login.defs.rpmsave,
leaving a default login.defs file in its place. The update package's spec
file now marks /etc/login.defs to not be replaced during updates.
All shadow-utils users should upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 239018 - /etc/login.defs overwrites customer config
- BZ - 240915 - [RHEL4] userdel/usermod infinite loop with duplicate names in /etc/group or /etc/gshadow
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
shadow-utils-4.0.3-63.RHEL4.src.rpm | SHA-256: 8997f2d2e4464907e08e2556cafc62d09f592a116302693e8cb937b6233e5ea1 |
x86_64 | |
shadow-utils-4.0.3-63.RHEL4.x86_64.rpm | SHA-256: 4073a3ffe1b8e649bed3a0a4a91b26d6f7d079d2b5b4a7e6564705d89cdedec0 |
shadow-utils-4.0.3-63.RHEL4.x86_64.rpm | SHA-256: 4073a3ffe1b8e649bed3a0a4a91b26d6f7d079d2b5b4a7e6564705d89cdedec0 |
ia64 | |
shadow-utils-4.0.3-63.RHEL4.ia64.rpm | SHA-256: 356300eb38d5a8df9859d20470186a50ca11fbb460be6db00d961d48ffec65b9 |
shadow-utils-4.0.3-63.RHEL4.ia64.rpm | SHA-256: 356300eb38d5a8df9859d20470186a50ca11fbb460be6db00d961d48ffec65b9 |
i386 | |
shadow-utils-4.0.3-63.RHEL4.i386.rpm | SHA-256: 7c18dfe9917abc63f057a797ce75293ce681a2dc7a6f57e7d8f2070d08f18cd6 |
shadow-utils-4.0.3-63.RHEL4.i386.rpm | SHA-256: 7c18dfe9917abc63f057a797ce75293ce681a2dc7a6f57e7d8f2070d08f18cd6 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
shadow-utils-4.0.3-63.RHEL4.src.rpm | SHA-256: 8997f2d2e4464907e08e2556cafc62d09f592a116302693e8cb937b6233e5ea1 |
x86_64 | |
shadow-utils-4.0.3-63.RHEL4.x86_64.rpm | SHA-256: 4073a3ffe1b8e649bed3a0a4a91b26d6f7d079d2b5b4a7e6564705d89cdedec0 |
ia64 | |
shadow-utils-4.0.3-63.RHEL4.ia64.rpm | SHA-256: 356300eb38d5a8df9859d20470186a50ca11fbb460be6db00d961d48ffec65b9 |
i386 | |
shadow-utils-4.0.3-63.RHEL4.i386.rpm | SHA-256: 7c18dfe9917abc63f057a797ce75293ce681a2dc7a6f57e7d8f2070d08f18cd6 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
shadow-utils-4.0.3-63.RHEL4.src.rpm | SHA-256: 8997f2d2e4464907e08e2556cafc62d09f592a116302693e8cb937b6233e5ea1 |
x86_64 | |
shadow-utils-4.0.3-63.RHEL4.x86_64.rpm | SHA-256: 4073a3ffe1b8e649bed3a0a4a91b26d6f7d079d2b5b4a7e6564705d89cdedec0 |
i386 | |
shadow-utils-4.0.3-63.RHEL4.i386.rpm | SHA-256: 7c18dfe9917abc63f057a797ce75293ce681a2dc7a6f57e7d8f2070d08f18cd6 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
shadow-utils-4.0.3-63.RHEL4.src.rpm | SHA-256: 8997f2d2e4464907e08e2556cafc62d09f592a116302693e8cb937b6233e5ea1 |
s390x | |
shadow-utils-4.0.3-63.RHEL4.s390x.rpm | SHA-256: 119149f65a008958bd7e83eccab7f9582368664eb8dc328047e7c6fb3d76dbf1 |
s390 | |
shadow-utils-4.0.3-63.RHEL4.s390.rpm | SHA-256: 57bb0086785b7fcac793b1e1ff23d05810c2237337066a0d5e4944a237f1d44c |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
shadow-utils-4.0.3-63.RHEL4.src.rpm | SHA-256: 8997f2d2e4464907e08e2556cafc62d09f592a116302693e8cb937b6233e5ea1 |
ppc | |
shadow-utils-4.0.3-63.RHEL4.ppc.rpm | SHA-256: 660009bb7348a47487de427f2e42202f1f37c98d474e3b8e3db8f6c010460747 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.