- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1650 - shadow-utils bug fix and enhancement update
Synopsis
shadow-utils bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
An updated shadow-utils package that fixes multiple bugs and adds three enhancements is now available for Red Hat Enterprise Linux 6.
Description
The shadow-utils package includes programs for converting UNIX password files to the shadow password format, as well as tools for managing user and group accounts.
This update fixes the following bugs:
-
Previously, the extended access control lists (ACL) on a file or directory below the /etc/skel directory were not preserved when a new user was created. As a result, the file or directory was copied but the extended ACLs that were associated with the file or directory were lost. This update preserves these extended ACLs. (BZ#586796)
-
Previously,the switch-group (sg) command failed with a segmentation fault when using password protected groups. This update modifies the gshadow functions in shadow-utils and also uses the gshadow functions from glibc so that the sg command now handles password protected groups as expected. (BZ#667593)
-
Previously, the new group (newgrp) command failed with a segmentation fault when using password protected groups. This update modifies the newgrp command so that the newgrp command now handles password protected groups as expected. (BZ#672510)
-
Previously, the man page for the useradd command contained misleading information about the -m option. The -m option is described correctly. (BZ#674878, BZ#696213)
-
Previously, the useradd command failed with a segmentation fault when the user ID (UID) range exceeded the maximum of 2147483647 (UID_MAX) accounts on a 64bit system. This update replaces the alloca() function with the malloc() function and checks the return value. Now, the useradd command operates in this range as expected. (BZ#693377)
-
Previously, the lastlog command did not work correctly with large UIDs on 32bit system due to integer overflow. As a result, lastlog showed only users that were logged in. This update modifies the code so that lastlog now shows also users that were never logged in. (BZ#706321)
This update also adds the following enhancements:
-
This update is compiled with the position-independent executable (PIE) and relocation read-only (RELRO) flags which enhance the security of the system. (BZ#723921)
-
With this update, the userdel command offers the option to delete both from the SELinux login mapping. (BZ#639900)
-
This update adds additional comments in "/etc/login.defs". These comments inform the administrator that certain configuration options are ignored in favor of the pam-cracklib module. (BZ#629277, BZ#696213)
All users of shadow-utils are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- shadow-utils-debuginfo-4.1.4.2-13.el6.x86_64.rpm
- shadow-utils-4.1.4.2-13.el6.x86_64.rpm
- shadow-utils-4.1.4.2-13.el6.ppc64.rpm
- shadow-utils-debuginfo-4.1.4.2-13.el6.s390x.rpm
- shadow-utils-4.1.4.2-13.el6.s390x.rpm
- shadow-utils-4.1.4.2-13.el6.src.rpm
- shadow-utils-debuginfo-4.1.4.2-13.el6.i686.rpm
- shadow-utils-4.1.4.2-13.el6.i686.rpm
- shadow-utils-debuginfo-4.1.4.2-13.el6.ppc64.rpm
Fixes
- This content is not included.BZ - 629277
- This content is not included.BZ - 639900
- This content is not included.BZ - 639975
- This content is not included.BZ - 639976
- This content is not included.BZ - 667593
- This content is not included.BZ - 672510
- This content is not included.BZ - 674878
- This content is not included.BZ - 693377
- This content is not included.BZ - 696213
- This content is not included.BZ - 706321
- This content is not included.BZ - 723921
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.