shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
-- general
+*** security
+ * su -c could be abused by the executed command to invoke commands with
+ the caller privileges. See below.
+
+*** general
* report usage error to stderr, but report usage help to stdout (and return
zero) when explicitly requested (e.g. with --help).
* initial support for tcb (http://openwall.com/tcb/) for useradd,
list of TTYs.
* Fixed warning and support for CONSOLE_GROUPS for users member of more
than 16 groups.
+ * Do not forward the controlling terminal to commands executed with -c.
+ This prevents tty hijacking which could lead to execution with the
+ caller's privileges.
+ * Close PAM sessions as root. This will be more friendly to PAM modules
+ like pam_mount or pam_systemd.
+ * Added support for PAM modules which change PAM_USER.
- newgrp, sg, groupmems
* Fix parsing of gshadow entries.
- useradd
this group isn't the user's primary group.
- usermod
* Accept options in any order (username not necessarily at the end)
+ * When the shadow file exists but there are no shadow entries, an entry
+ is created if the password is changed and passwd requires a
+ shadow entry, or if aging features are used (-e or -f).
*** translation
+ * Updated Brazilian Portuguese translation.
+ * Updated Catalan translation.
* Updated Czech translation.
- * Updated Vietnamese translation.
+ * Updated Danish translation.
+ * Updated French translation.
+ * Updated French man pages translation.
+ * Updated German translation.
+ * Updated German man pages translation.
+ * Updated Japanese translation.
* Updated Kazakh translation.
+ * Updated Portuguese translation.
+ * Updated Russian translation.
+ * Updated Simplified Chinese translation.
+ * Updated Simplified Chinese man pages translation.
+ * Updated Swedish translation.
+ * Updated Vietnamese translation.
shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15
-*** security:
+*** security
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
to create users or groups in a NIS environment.