Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.

- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited to create users or groups in a NIS environment.

ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.3.NEWS
I'm not sure about the severity, but it looks like a newline injection. It might be possible to inject a line with UID=0. Unfortunately there is not much info about this vulnerability. Debian rates it as minor.
seems the .3 release is the .2 release plus this one fix (and a lot of regenerated files). so it should be fairly safe to stabilize quickly.
Thank you. Arches, please stabilize =sys-apps/shadow-4.1.4.3
works on amd64!
amd64 done. Thanks Agostino
ppc/ppc64 stable
Tested on SPARC, seems to work OK. Could stabilise.
Stable for HPPA.
arm stable
x86 stable
alpha/ia64/m68k/s390/sh/sparc stable
Thanks, folks. GLSA request filed.
CVE-2011-0721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721): Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
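The GECOS newline injection described in the CVE text above, shown from the validation side. This is an added example, not part of the bug thread and not shadow's own code: `gecos_field_ok`, `count_records` and `format_entry` are hypothetical names, the account values are constructed, and rejecting `,` as well as `:` assumes the comma-separated GECOS sub-field layout.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `s` may be stored as one GECOS sub-field. */
int gecos_field_ok(const char *s)
{
    if (s == NULL)
        return 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        if (iscntrl(*p))              /* '\n', '\r' and other control bytes */
            return 0;
        if (*p == ':' || *p == ',')   /* passwd and GECOS separators */
            return 0;
    }
    return 1;
}

/* Number of newline-terminated records in a buffer. */
int count_records(const char *buf)
{
    int n = 0;
    for (; *buf; buf++)
        if (*buf == '\n')
            n++;
    return n;
}

/* Format one passwd(5) record. With `check` set, the GECOS value is
 * validated first. Returns 0 on success, -1 if rejected or truncated. */
int format_entry(char *out, size_t len, const char *gecos, int check)
{
    if (check && !gecos_field_ok(gecos))
        return -1;
    /* Constructed account values; only the GECOS field is user-supplied. */
    int n = snprintf(out, len, "alice:x:1000:1000:%s:/home/alice:/bin/sh\n", gecos);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed input: a full name carrying an embedded newline. */
    const char *bad = "Alice\nextra:x:1001:1001::/home/extra:/bin/sh";
    char buf[256];

    format_entry(buf, sizeof buf, bad, 0);
    printf("unchecked: %d record(s)\n", count_records(buf));
    printf("checked:   %s\n", format_entry(buf, sizeof buf, bad, 1) ? "rejected" : "written");
    return 0;
}
```

Without the check, one submitted field becomes two records in the file; with it, the value is refused before anything is written.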
This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).