Bug 147570

Summary: Unauthorized account properties modification (chfn and chsh)
Product: [Fedora] Fedora Reporter: Marcin Garski <mgarski>
Component: shadow-utilsAssignee: Peter Vrabec <pvrabec>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://cvs.pld.org.pl/shadow/NEWS?rev=1.105
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-04 10:02:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marcin Garski 2005-02-09 13:43:07 UTC 
shadow-4.0.5 has fixed securirty bug in libmisc/pwdcheck.c which allow
unauthorized account properties modification. Affected tools: chfn and
chsh. See URL for changelog.

Please consider updating shadow-utils to 4.0.7 version (as I know this
is how bugs are fixed in FC, package is updated to newer version
instead of backporting patch to old version), the newer version can
and probably will fix some open bugs on bugzilla.