USN-6640-1: shadow vulnerability
15 February 2024
shadow could be made to expose sensitive information.
Releases
Packages
- shadow - system login tools
Details
It was discovered that shadow was not properly sanitizing memory when
running the password utility. An attacker could possibly use this issue
to retrieve a password from memory, exposing sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
-
libsubid-dev
-
1:4.13+dfsg1-1ubuntu1.1
-
libsubid4
-
1:4.13+dfsg1-1ubuntu1.1
-
login
-
1:4.13+dfsg1-1ubuntu1.1
-
passwd
-
1:4.13+dfsg1-1ubuntu1.1
-
uidmap
-
1:4.13+dfsg1-1ubuntu1.1
Ubuntu 22.04
Ubuntu 20.04
-
login
-
1:4.8.1-1ubuntu5.20.04.5
-
passwd
-
1:4.8.1-1ubuntu5.20.04.5
-
uidmap
-
1:4.8.1-1ubuntu5.20.04.5
Ubuntu 18.04
-
login
-
1:4.5-1ubuntu2.5+esm1
Available with Ubuntu Pro
-
passwd
-
1:4.5-1ubuntu2.5+esm1
Available with Ubuntu Pro
-
uidmap
-
1:4.5-1ubuntu2.5+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
login
-
1:4.2-3.1ubuntu5.5+esm4
Available with Ubuntu Pro
-
passwd
-
1:4.2-3.1ubuntu5.5+esm4
Available with Ubuntu Pro
-
uidmap
-
1:4.2-3.1ubuntu5.5+esm4
Available with Ubuntu Pro
Ubuntu 14.04
-
login
-
1:4.1.5.1-1ubuntu9.5+esm4
Available with Ubuntu Pro
-
passwd
-
1:4.1.5.1-1ubuntu9.5+esm4
Available with Ubuntu Pro
-
uidmap
-
1:4.1.5.1-1ubuntu9.5+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.