-
Security Vulnerability
-
Resolution: Fixed
-
Severe (Ebuild)
-
None
-
None
-
None
A vulnerability found in Shadow may allow local attackers to bypass security restrictions.
Affected Packages
Package sys-apps/shadow on all architectures
Affected versions < 4.6
Unaffected versions >= 4.6
Background
Shadow is a set of tools to deal with user accounts.
Description
A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths.
Impact
A local attacker could possibly bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All shadow users should upgrade to the latest version:
- emerge --sync
- emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.6"
References
CVE-2018-7169