X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=NEWS;h=87ba9cb56835d057b7a1ab17a37b2fb3a7bcb403;hb=d4e630b8cc0126dda0f071da76ecf315f4330eb5;hp=3b731e96af033d959d6e24b05664079808335ef6;hpb=a8ca72327704d82d8e640795d05a70d3c5fe871c;p=shadow diff --git a/NEWS b/NEWS index 3b731e96..87ba9cb5 100644 --- a/NEWS +++ b/NEWS @@ -2,7 +2,11 @@ $Id$ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED -- general +*** security + * su -c could be abused by the executed command to invoke commands with + the caller privileges. See below. + +*** general * report usage error to stderr, but report usage help to stdout (and return zero) when explicitly requested (e.g. with --help). * initial support for tcb (http://openwall.com/tcb/) for useradd, @@ -39,6 +43,12 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED list of TTYs. * Fixed warning and support for CONSOLE_GROUPS for users member of more than 16 groups. + * Do not forward the controlling terminal to commands executed with -c. + This prevents tty hijacking which could lead to execution with the + caller's privileges. + * Close PAM sessions as root. This will be more friendly to PAM modules + like pam_mount or pam_systemd. + * Added support for PAM modules which change PAM_USER. - newgrp, sg, groupmems * Fix parsing of gshadow entries. - useradd 
@@ -51,15 +61,31 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED this group isn't the user's primary group. - usermod * Accept options in any order (username not necessarily at the end) + * When the shadow file exists but there are no shadow entries, an entry + is created if the password is changed and passwd requires a + shadow entry, or if aging features are used (-e or -f). *** translation + * Updated Brazilian Portuguese translation. + * Updated Catalan translation. * Updated Czech translation. - * Updated Vietnamese translation. + * Updated Danish translation. + * Updated French translation. + * Updated French man pages translation. + * Updated German translation. + * Updated German man pages translation. + * Updated Japanese translation. * Updated Kazakh translation. + * Updated Portuguese translation. + * Updated Russian translation. + * Updated Simplified Chinese translation. + * Updated Simplified Chinese man pages translation. + * Updated Swedish translation. + * Updated Vietnamese translation. shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15 -*** security: +*** security - CVE-2011-0721: An insufficient input sanitation in chfn can be exploited to create users or groups in a NIS environment.
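Review bot: In the @@ -2,7 +2,11 @@ hunk, the new security entry ends with "See below." without saying which item it points to, so a reader of the security section alone cannot find the fix. Name the target explicitly, i.e. the "Do not forward the controlling terminal to commands executed with -c" item added in the @@ -39,6 +43,12 @@ hunk. If an identifier has been assigned, cite it the way the 4.1.4.3 section cites CVE-2011-0721. "the caller privileges" should also read "the caller's privileges", matching the wording of the later item.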
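Review bot: In the @@ -39,6 +43,12 @@ hunk, the "Do not forward the controlling terminal to commands executed with -c" item documents the fix but not the user-visible consequence: a command run with -c that expects a controlling terminal will no longer get one. State that behaviour change in the entry so administrators can identify affected scripts when upgrading, and point back to the security entry at the top of the release section. The "Close PAM sessions as root" item would likewise be clearer if it said which identity closed the session before this change.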
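Review bot: In the @@ -51,15 +61,31 @@ hunk, the new usermod item is ambiguous at "the password is changed and passwd requires a shadow entry": it is not clear whether "passwd" means the user's entry in the passwd file or the passwd command. Reword it to say which is meant and what in that entry makes a shadow entry required. It would also help to say that "-e or -f" are usermod options, since the sentence mentions passwd immediately before them.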