Skip to navigation

Bug Fix Advisory shadow-utils bug fix update

Advisory: RHBA-2013:0040-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-01-07
Last updated on: 2013-01-07
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated shadow-utils packages that fix a bug in pwconv are now available for Red
Hat Enterprise Linux 5.

The shadow-utils package includes the necessary programs for converting
UNIX password files to the shadow password format, plus programs for
managing user and group accounts. The pwconv command converts passwords to
the shadow password format. The pwunconv command converts shadow passwords
and generates an npasswd file (a standard UNIX password file). The pwck
command checks the integrity of password and shadow files. The lastlog
command prints out the last login times for all users. The useradd,
userdel, and usermod commands are used for managing user accounts. The
groupadd, groupdel, and groupmod commands are used for managing group
accounts.

This update addresses the following bug in pwconv (or grpconv):

* A structural bug in a delete routine meant /etc/shadow (or /etc/gshadow)
files containing bad entries were not updated properly by pwconv (or
grpconv). Specifically if /etc/shadow (or /etc/gshadow) contained two
consecutive bad entries, the second of the two bad entries was skipped when
pwconv (or grpconv) was run on the file. This left the file improperly
updated. With this update, the loop that iterates through /etc/shadow (or
/etc/gshadow) was reworked. No bad lines (consecutive or otherwise) are now
skipped and /etc/shadow (or /etc/gshadow) files are properly updated by
pwconv (or grpconv). (BZ#787736)

All shadow-utils users should install this update which fixes this bug.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
shadow-utils-4.0.17-21.el5.src.rpm     MD5: f79baf80e920e4e2cdb10cfdf08473c4
SHA-256: d1bd1d05a9aaf9c89ce51c55fbb444e723e4984d7e16f510a2b949306f708138
 
IA-32:
shadow-utils-4.0.17-21.el5.i386.rpm     MD5: 13d36724c94007e279bde205786d9906
SHA-256: f227d04c98e6a8526c043e669f9e84ae406ac762e9b34fbab6d13b93fe5036ed
shadow-utils-debuginfo-4.0.17-21.el5.i386.rpm     MD5: 43a7f437c3a990265be08b4cff269bd1
SHA-256: e3d5998e62de34a658c57091b5e1398af0257fdc547442055ac3496725bc9e31
 
IA-64:
shadow-utils-4.0.17-21.el5.ia64.rpm     MD5: 1cdbfbd4f9134598527d2229dc2d15b7
SHA-256: 9b3888ee7848db2b1851e6e66aeb94a1cb39c318f80fa1dbcbd32dd350e9c6ae
shadow-utils-debuginfo-4.0.17-21.el5.ia64.rpm     MD5: 916708626c3e791776f952de2591e404
SHA-256: a9c516913ddcb697ba1c2cda843a36df5373bfd14bc75538b8ac572a15f4a9eb
 
PPC:
shadow-utils-4.0.17-21.el5.ppc.rpm     MD5: 835b511c83c92bf4b0c1e3af17a92e8c
SHA-256: cefbc9b52825cffa3b8984eda0ac3d8008a243ccf5d7c1ab737e2b258e0d919a
shadow-utils-debuginfo-4.0.17-21.el5.ppc.rpm     MD5: de4ffa0c3f742cf5c60087e1026fcee1
SHA-256: dd6fedb1eeb44d14b94f3d3bf154160bac14bfba02569444fdbd5a75dd20ce8e
 
s390x:
shadow-utils-4.0.17-21.el5.s390x.rpm     MD5: a83d10489586e3b803b86a690ac6aa9f
SHA-256: ff8820b1813bcd5fe3734a2346d253177fb20d46aed1260f6a0db21e1d8bc805
shadow-utils-debuginfo-4.0.17-21.el5.s390x.rpm     MD5: 565da97d89d56e52ed0dc047ab2446d1
SHA-256: d33854a69b9b456af2ee41d01c297f0f928aa2b17b2f5417d30354b384f9e66b
 
x86_64:
shadow-utils-4.0.17-21.el5.x86_64.rpm     MD5: 5c535cc7d9837ea83c6910455e3f44c7
SHA-256: ebdc0af7b856922660cd4ebe4c38b7fa63514c386a27716668ae1ba1d2dff3fc
shadow-utils-debuginfo-4.0.17-21.el5.x86_64.rpm     MD5: 94197360ae557f60587b652b8361dcc9
SHA-256: 1c049cfc2b1b0c75b59af4db3fc85a4365f4f4fd1f0d20497281769bdadd4ecd
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
shadow-utils-4.0.17-21.el5.src.rpm     MD5: f79baf80e920e4e2cdb10cfdf08473c4
SHA-256: d1bd1d05a9aaf9c89ce51c55fbb444e723e4984d7e16f510a2b949306f708138
 
IA-32:
shadow-utils-4.0.17-21.el5.i386.rpm     MD5: 13d36724c94007e279bde205786d9906
SHA-256: f227d04c98e6a8526c043e669f9e84ae406ac762e9b34fbab6d13b93fe5036ed
shadow-utils-debuginfo-4.0.17-21.el5.i386.rpm     MD5: 43a7f437c3a990265be08b4cff269bd1
SHA-256: e3d5998e62de34a658c57091b5e1398af0257fdc547442055ac3496725bc9e31
 
x86_64:
shadow-utils-4.0.17-21.el5.x86_64.rpm     MD5: 5c535cc7d9837ea83c6910455e3f44c7
SHA-256: ebdc0af7b856922660cd4ebe4c38b7fa63514c386a27716668ae1ba1d2dff3fc
shadow-utils-debuginfo-4.0.17-21.el5.x86_64.rpm     MD5: 94197360ae557f60587b652b8361dcc9
SHA-256: 1c049cfc2b1b0c75b59af4db3fc85a4365f4f4fd1f0d20497281769bdadd4ecd
 
(The unlinked packages above are only available from the Red Hat Network)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/