Bug Fix Advisory shadow-utils bug fix and enhancement update

Advisory: RHBA-2008:0692-6
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2008-07-24
Last updated on: 2008-07-24
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A

Details

An updated shadow-utils package that fixes a bug and adds an enhancement is
now available.

The shadow-utils package includes the necessary programs for converting
UNIX® password files to the shadow password format, as well as tools for
managing user and group accounts.

An infinite loop when running the "grpconv" or "grpunconv" commands, caused
by duplicate entries in "/etc/group" or "/etc/gshadow", has been resolved.

As well, support for the SHA-256 and SHA-512 password hashes has been added
to glibc. As such, shadow-utils has been updated to allow users to use
SHA-256 and SHA-512 password hashes to generate more secure passwords.

Users of shadow-utils are advised to upgrade to this updated package, which
resolves this issue and adds this enhancement.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
shadow-utils-4.0.3-66.RHEL4.src.rpm     6b5b609063992eb56151ff74e1af6e1c
 
IA-32:
shadow-utils-4.0.3-66.RHEL4.i386.rpm     46c0e96e19752d2bb3e9bdb585d131fa
 
x86_64:
shadow-utils-4.0.3-66.RHEL4.x86_64.rpm     98a7d31ebe2fd766925aa0d3d49b53fc
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
shadow-utils-4.0.3-66.RHEL4.src.rpm     6b5b609063992eb56151ff74e1af6e1c
 
IA-32:
shadow-utils-4.0.3-66.RHEL4.i386.rpm     46c0e96e19752d2bb3e9bdb585d131fa
 
IA-64:
shadow-utils-4.0.3-66.RHEL4.ia64.rpm     d1371c4e0e495fb4904cff4830f519f5
 
PPC:
shadow-utils-4.0.3-66.RHEL4.ppc.rpm     31d88148e823e1ffe49157b5550ce455
 
s390:
shadow-utils-4.0.3-66.RHEL4.s390.rpm     b4d672b80cb2e6a5f158fce00379969b
 
s390x:
shadow-utils-4.0.3-66.RHEL4.s390x.rpm     d49ebb6c37777f1535c4e35c1916e6f9
 
x86_64:
shadow-utils-4.0.3-66.RHEL4.x86_64.rpm     98a7d31ebe2fd766925aa0d3d49b53fc
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
shadow-utils-4.0.3-66.RHEL4.src.rpm     6b5b609063992eb56151ff74e1af6e1c
 
IA-32:
shadow-utils-4.0.3-66.RHEL4.i386.rpm     46c0e96e19752d2bb3e9bdb585d131fa
 
IA-64:
shadow-utils-4.0.3-66.RHEL4.ia64.rpm     d1371c4e0e495fb4904cff4830f519f5
 
x86_64:
shadow-utils-4.0.3-66.RHEL4.x86_64.rpm     98a7d31ebe2fd766925aa0d3d49b53fc
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
shadow-utils-4.0.3-66.RHEL4.src.rpm     6b5b609063992eb56151ff74e1af6e1c
 
IA-32:
shadow-utils-4.0.3-66.RHEL4.i386.rpm     46c0e96e19752d2bb3e9bdb585d131fa
 
IA-64:
shadow-utils-4.0.3-66.RHEL4.ia64.rpm     d1371c4e0e495fb4904cff4830f519f5
 
x86_64:
shadow-utils-4.0.3-66.RHEL4.x86_64.rpm     98a7d31ebe2fd766925aa0d3d49b53fc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

444107 - [RHEL4] userdel/usermod infinite loop with duplicate names in /etc/group or /etc/gshadow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/