Debian 10261 Published by

A shadow security update has been released for Debian GNU/Linux 8 Extended LTS to address two security issues.



ELA-555-1 shadow security update

Package shadow
Version 1:4.2-3+deb8u5
Related CVEs CVE-2017-12424 CVE-2018-7169

CVE-2017-12424

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information.

CVE-2018-7169

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive
information.
For Debian 8 jessie, these problems have been fixed in version 1:4.2-3+deb8u5.

We recommend that you upgrade your shadow packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-555-1 shadow security update