RHBA-2012:0244 - Bug Fix Advisory

Topic

An updated shadow-utils package that fixes various bugs is now available for Red
Hat Enterprise Linux 5.

Description

The shadow-utils package includes programs for converting UNIX password files to
the shadow password format, as well as tools for managing user and group
accounts.

This update fixes the following bugs:

• Prior to this update, the faillog utility executed command line options

immediately after they were passed instead of parsing all options first. This
update modifies the utility so that all command line options are parsed before
executing the commands. (BZ#619150)

• Prior to this update, the faillog utility created huge /var/log/faillog files

after setting the maximum number of login failures. This update fixes that
behavior. (BZ#670364)

• Prior to this update, an attempt to copy the files of the /etc/skel/ directory

with support for access control lists (ACLs) to a file system with disabled ACLs
failed with the error: "copydir(): preserving permissions for
/home/[username]/.kde: Operation not supported". This update modifies the ACLs
so that the content of the /etc/skel/ directory is now successfully copied.
(BZ#673091)

• Prior to this update, large user identifiers (UID) and group identifiers (GID)

on 32-bit systems were not correctly handled. As a consequence, the pwconv and
pwunconv utilities changed all identifiers greater than 2147483647 to this
value. With this update, the underlying source code has been modified to ensure
that the pwconv and pwunconv utilities no longer change the GIDs and UIDs.
(BZ#681020)

• Prior to this update, the useradd(8) manual page contained incorrect

information about the minimum numeric value for UIDs. This update lists now the
correct minimum UID number of 500. (BZ#688892)

• Prior to this update, the useradd utility did not delete its lock files after

an unsuccessful execution. This update modifies the utility so that lock files
are now correctly deleted. (BZ#709605)

• Prior to this update, the groupadd manual page description of "-r" was only

valid for the default value of GID_MIN. This update contains accurate
information regardless of whether GID_MIN is left at the default value of 500.
(BZ#715214)

All users of shadow-utils are advised to upgrade to this updated package, which
fixes these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 619150 - faillog executes during argument parsing
• BZ - 670364 - faillog command creates a huge file (/var/log/faillog)
• BZ - 673091 - No file in /etc/skel is copied by useradd
• BZ - 681020 - pwconv and pwunconv alter uids over 2147483647
• BZ - 688892 - Wrong statement regarding UID allocation in useradd(8)

CVEs

(none)

References

(none)