Joined: 12 May 2004
|Posted: Wed May 23, 2018 1:26 am Post subject: [ GLSA 201805-09 ] Shadow
|Gentoo Linux Security Advisory
Title: Shadow: security bypass (GLSA 201805-09)
A vulnerability found in Shadow may allow local attackers to bypass
Shadow is a set of tools to deal with user accounts.
Vulnerable: < 4.6
Unaffected: >= 4.6
Architectures: All supported architectures
A local attacker could possibly bypass security restrictions if an
administrator used “group blacklisting” to restrict access to file
A local attacker could possibly bypass security restrictions.
There is no known workaround at this time.
All shadow users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.6"