Ubuntu Security Notice 5254-1 - It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
858b88ea3ec43f6082b7cd185a60cc2aa9521c63ecf08ddb13038428d330f54b
=========================================================================
Ubuntu Security Notice USN-5254-1
January 27, 2022
shadow vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in shadow.
Software Description:
- shadow: system login tools
Details:
It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information. This issue only affected
Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424)
It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2018-7169)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
login 1:4.5-1ubuntu2.2
passwd 1:4.5-1ubuntu2.2
uidmap 1:4.5-1ubuntu2.2
Ubuntu 16.04 ESM:
login 1:4.2-3.1ubuntu5.5+esm1
passwd 1:4.2-3.1ubuntu5.5+esm1
uidmap 1:4.2-3.1ubuntu5.5+esm1
Ubuntu 14.04 ESM:
login 1:4.1.5.1-1ubuntu9.5+esm1
passwd 1:4.1.5.1-1ubuntu9.5+esm1
uidmap 1:4.1.5.1-1ubuntu9.5+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5254-1
CVE-2017-12424, CVE-2018-7169
Package Information:
https://launchpad.net/ubuntu/+source/shadow/1:4.5-1ubuntu2.2