openEuler Security Advisory: openEuler-SA-2023-1258
Synopsis: shadow security update
Title: An update for shadow is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS and openEuler-22.03-LTS-SP1
Issuer: openEuler security committee (openeuler-security@openeuler.org)
Status: Final
Version: 1.0
Initial release date: 2023-04-28
Current release date: 2023-04-28
Generator: openEuler SA Tool V1.0 (2023-04-28)
Severity: Low
Affected component: shadow

Description

An update for shadow is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.

This package includes the necessary programs for converting plain password files to the shadow password format and for managing user and group accounts.

Security Fix(es):

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. (CVE-2023-29383)

openEuler Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

References

- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1258
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29383
- https://nvd.nist.gov/vuln/detail/CVE-2023-29383

Affected products

- openEuler-20.03-LTS-SP1
- openEuler-20.03-LTS-SP3
- openEuler-22.03-LTS
- openEuler-22.03-LTS-SP1

Updated packages

aarch64:
- shadow-debuginfo-4.8.1-7.oe1.aarch64.rpm
- shadow-debugsource-4.8.1-7.oe1.aarch64.rpm
- shadow-4.8.1-7.oe1.aarch64.rpm
- shadow-4.8.1-6.oe1.aarch64.rpm
- shadow-debuginfo-4.8.1-6.oe1.aarch64.rpm
- shadow-debugsource-4.8.1-6.oe1.aarch64.rpm
- shadow-4.9-7.oe2203.aarch64.rpm
- shadow-debuginfo-4.9-7.oe2203.aarch64.rpm
- shadow-debugsource-4.9-7.oe2203.aarch64.rpm
- shadow-subid-devel-4.9-7.oe2203.aarch64.rpm
- shadow-debuginfo-4.9-9.oe2203sp1.aarch64.rpm
- shadow-subid-devel-4.9-9.oe2203sp1.aarch64.rpm
- shadow-debugsource-4.9-9.oe2203sp1.aarch64.rpm
- shadow-4.9-9.oe2203sp1.aarch64.rpm

noarch:
- shadow-help-4.8.1-7.oe1.noarch.rpm
- shadow-help-4.8.1-6.oe1.noarch.rpm
- shadow-help-4.9-7.oe2203.noarch.rpm
- shadow-help-4.9-9.oe2203sp1.noarch.rpm

src:
- shadow-4.8.1-7.oe1.src.rpm
- shadow-4.8.1-6.oe1.src.rpm
- shadow-4.9-7.oe2203.src.rpm
- shadow-4.9-9.oe2203sp1.src.rpm

x86_64:
- shadow-debugsource-4.8.1-7.oe1.x86_64.rpm
- shadow-debuginfo-4.8.1-7.oe1.x86_64.rpm
- shadow-4.8.1-7.oe1.x86_64.rpm
- shadow-debuginfo-4.8.1-6.oe1.x86_64.rpm
- shadow-debugsource-4.8.1-6.oe1.x86_64.rpm
- shadow-4.8.1-6.oe1.x86_64.rpm
- shadow-subid-devel-4.9-7.oe2203.x86_64.rpm
- shadow-4.9-7.oe2203.x86_64.rpm
- shadow-debugsource-4.9-7.oe2203.x86_64.rpm
- shadow-debuginfo-4.9-7.oe2203.x86_64.rpm
- shadow-4.9-9.oe2203sp1.x86_64.rpm
- shadow-debugsource-4.9-9.oe2203sp1.x86_64.rpm
- shadow-debuginfo-4.9-9.oe2203sp1.x86_64.rpm
- shadow-subid-devel-4.9-9.oe2203sp1.x86_64.rpm

Vulnerability details

CVE: CVE-2023-29383 (description as given under Security Fix(es) above)
Release date: 2023-04-28
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1
Severity: Low
CVSS base score: 3.3
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Remediation: shadow security update (2023-04-28), https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1258
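As an added defender's check (not part of this advisory or of the shadow project), the following script audits a passwd file body for the kind of entry this CVE makes possible: control characters such as \r hidden inside a field, and non-ASCII lookalikes for the ':' separator. The sample records are constructed.

```python
import re
import unicodedata

# ASCII control characters (including \r, \n and ESC) have no business in any
# passwd field; chfn's own block list stops \n, but not every control character.
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")


def audit_passwd(text):
    """Return (line_no, field, reason) findings for the body of a passwd file."""
    findings = []
    # Split on '\n' only: a '\r' buried inside a record is exactly what we
    # want to surface, so it must not be treated as a line terminator here.
    for line_no, line in enumerate(text.split("\n"), 1):
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((line_no, "record", "expected 7 fields, got %d" % len(parts)))
            continue
        for field, value in zip(FIELDS, parts):
            ctl = CONTROL_RE.search(value)
            if ctl:
                findings.append((line_no, field, "control character U+%04X" % ord(ctl.group())))
            # Non-ASCII is reported rather than forbidden: a terminal may render
            # a fullwidth colon (U+FF1A) so that a forged record looks genuine.
            non_ascii = [c for c in value if ord(c) > 0x7F]
            if non_ascii:
                c = non_ascii[0]
                findings.append((line_no, field, "non-ASCII %r (%s)" % (c, unicodedata.name(c, "UNKNOWN"))))
    return findings


# Constructed sample: two clean records and one whose GECOS field carries a
# carriage return followed by text using U+FF1A in place of ':'.
SAMPLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n"
    "bob:x:1001:1001:Bob\rfake\uff1ax\uff1a0\uff1a0\uff1a\uff1a/root\uff1a/bin/bash:/home/bob:/bin/bash\n"
)

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/passwd"
    # newline="" keeps '\r' intact; the default mode would translate it to '\n'.
    with open(path, encoding="utf-8", errors="replace", newline="") as fh:
        for finding in audit_passwd(fh.read()):
            print("line %d, %s field: %s" % finding)
```

Run it against a copy of /etc/passwd after a suspicious chfn use; a clean file produces no output.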