INFSA-2025:20559: shadow-utils security update
Information about definition
Identifier: INFSA-2025:20559
Type: security
Release date: 2025-12-01 17:19:13 UTC
Information about package
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.
Vulnerabilities description
- CVE-2024-56433
A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.
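A defender-side check for the conflict described above, as an added example that is not part of the original advisory: it reports account UIDs that fall inside a range listed in /etc/subuid. The sample subuid and passwd lines, the account names and the function names are constructed for illustration.

```python
# Constructed sample data; on a real host read /etc/subuid and `getent passwd`.
SAMPLE_SUBUID = "alice:100000:65536\nbob:165536:65536\n"
SAMPLE_PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
netuser1:x:100500:100500::/net/home/netuser1:/bin/bash
netuser2:x:231071:231071::/net/home/netuser2:/bin/bash
netuser3:x:231072:231072::/net/home/netuser3:/bin/bash
"""


def parse_subuid(text):
    """Return (owner, first_uid, last_uid) for each well-formed subuid line."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 3 or not (fields[1].isdecimal() and fields[2].isdecimal()):
            continue  # blank or malformed entry
        start, count = int(fields[1]), int(fields[2])
        if count > 0:
            ranges.append((fields[0], start, start + count - 1))
    return ranges


def parse_passwd(text):
    """Return {account_name: uid} from passwd-format lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdecimal():
            accounts[fields[0]] = int(fields[2])
    return accounts


def find_conflicts(subuid_text, passwd_text):
    """List (account, uid, range_owner) for every account UID that falls
    inside a subordinate UID range delegated to some user."""
    ranges = parse_subuid(subuid_text)
    hits = []
    for name, uid in sorted(parse_passwd(passwd_text).items()):
        for owner, first, last in ranges:
            if first <= uid <= last:
                hits.append((name, uid, owner))
    return hits


if __name__ == "__main__":
    for account, uid, owner in find_conflicts(SAMPLE_SUBUID, SAMPLE_PASSWD):
        print(f"uid {uid} ({account}) is inside the subuid range of {owner}")
```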
Severity level
| CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
|---|---|---|---|
| NIST — CVE-2024-56433 | no information | 3.6 | no information |
Updated packages