Summary: | <sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa? cleanup] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 909740 | ||
Bug Blocks: |
Description
Sam James
2023-06-17 02:29:11 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16921604a6bd3ec292570577a472d18aebe60389 commit 16921604a6bd3ec292570577a472d18aebe60389 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-06-17 02:29:25 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-17 02:32:11 +0000 sys-apps/shadow: backport password leak fix, backport usermod gid --prefix fix Bug: https://bugs.gentoo.org/908613 Closes: https://bugs.gentoo.org/894754 Signed-off-by: Sam James <sam@gentoo.org> .../shadow/files/shadow-4.13-password-leak.patch | 135 +++++++++++ .../files/shadow-4.13-usermod-prefix-gid.patch | 33 +++ sys-apps/shadow/shadow-4.13-r4.ebuild | 268 +++++++++++++++++++++ 3 files changed, 436 insertions(+) fwiw I went for B as it's supposedly not particularly easy to exploit, but A is fine as well Ah, you're right, we can treat it that way despite not quite being a "configuration". One day we'll make a better rating system... |