ELA-1220-1 shadow security update

multiple vulnerabilities

2024-10-28
Package: shadow
Version: 1:4.4-4.1+deb9u2 (stretch), 1:4.5-1.1+deb10u1 (buster)
Related CVEs: CVE-2018-7169, CVE-2023-4641, CVE-2023-29383


Multiple vulnerabilities have been fixed in shadow, a set of commonly used utilities to change and administer password and group data.

CVE-2018-7169

unprivileged user can drop supplementary groups

CVE-2023-4641

gpasswd password leak

CVE-2023-29383

chfn missing control character check


For Debian 10 buster, these problems have been fixed in version 1:4.5-1.1+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 1:4.4-4.1+deb9u2.

We recommend that you upgrade your shadow packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.