ELA-555-1 shadow security update

exposed sensitive information

2022-02-01
Packageshadow
Version1:4.2-3+deb8u5
Related CVEs CVE-2017-12424 CVE-2018-7169


CVE-2017-12424

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information.

CVE-2018-7169

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive
information.


For Debian 8 jessie, these problems have been fixed in version 1:4.2-3+deb8u5.

We recommend that you upgrade your shadow packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.