shadow-utils-4.9-15.el9

エラータID: AXSA:2025-11140:02

Release date: 
Friday, November 28, 2025 - 11:00
Subject: 
shadow-utils-4.9-15.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.

Security Fix(es):

* shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9 Release Notes linked from the References section.

CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

Solution: 

Update packages.

CVEs: 
CVE-2024-56433
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
Additional Info: 

N/A

Download: 

SRPMS
  1. shadow-utils-4.9-15.el9.src.rpm
    MD5: 1f631d59ed8f018d6660e1743c433d3c
    SHA-256: 8de10eb4cf54ac17dc233826ed75ca956d61af64c2af7759c6c33230b8af20b0
    Size: 1.64 MB

Asianux Server 9 for x86_64
  1. shadow-utils-4.9-15.el9.x86_64.rpm
    MD5: 7824f456eb5ff439fc7253f431014f09
    SHA-256: e228420b37be8655af4724340c9bf42f9b490baa1914c42a47cf6326315d4667
    Size: 1.19 MB
  2. shadow-utils-subid-4.9-15.el9.i686.rpm
    MD5: 39982984efd856b65cc5dea287b72196
    SHA-256: a2804be3c116170c08095b7d574ed6b77554d2c1a4d457029ca4fd4175ed0324
    Size: 89.84 kB
  3. shadow-utils-subid-4.9-15.el9.x86_64.rpm
    MD5: a5b5554fbc9ff5e452bf761335365b9f
    SHA-256: feefe6d20329ebb15a10e05126956953d397f053e7053fcc9c3b2fa87237e728
    Size: 84.43 kB
  4. shadow-utils-subid-devel-4.9-15.el9.i686.rpm
    MD5: 1db96613dfe2f0d5d8933b583cb51b3c
    SHA-256: a58bb68352c820628e5658d3fde4261ce006bb4ddc008136026d11651754f2df
    Size: 8.74 kB
  5. shadow-utils-subid-devel-4.9-15.el9.x86_64.rpm
    MD5: 63822e835b7259b7e7bc7ca848d3800b
    SHA-256: 717dc5853157a220b6dfc22a6fb8f2f54e4a8f05a0cb0c3a6c36218d4fe20633
    Size: 8.73 kB