RHBA-2014:1522 - Bug Fix Advisory

Topic

Updated shadow-utils packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

Description

The shadow-utils packages include programs for converting UNIX password files to
the shadow password format, as well as utilities for managing user and group
accounts.

This update fixes the following bugs:

• Previously, pwconv and grpconv utilities improperly parsed respective shadow

and gshadow files with errors. Consequently, when writing corrected shadow and
gshadow files, only the first error on two consecutive erroneous lines was
corrected. With this update, pwconv and grpconv parse the files with errors
correctly, and all lines are corrected in the newly written files. (BZ#787742)

• Due to a bug in code parsing in the /etc/group file, the useradd command could

terminate unexpectedly with a segmentation fault when merging group entries. The
parsing code has been fixed, and useradd now correctly merges group entries.
(BZ#890222)

• Previously, the useradd command assigned the SELinux user to the new user

being created after creating and populating the home directory of the user.
Consequently, the SELinux contexts of the home directory files were incorrect.
With this update, the SELinux user is assigned to the newly created user before
populating the home directory, and the SELinux contexts on the home directory
files for newly created users are now correct. (BZ#955769)

• Due to improper detection of invalid date specification in the chage command,

chage did not fail when used with invalid date specification. With this update,
the code of chage properly detects invalid date specification, and fails if an
invalid date is specified. (BZ#956742)

• Prior to this update, the chage command incorrectly handled date in the format

of "[month] DD YYYY" as "[month] DD hhmm". As a consequence, if chage was used
with such date specification, the date was set to an unexpected value. The
updated chage code correctly handles date in the aforementioned format. As a
result, if chage is used with such date specification, the date is set to an
expected value. (BZ#957782)

• Previously, the newgrp command always tried to find a group with a matching

group ID (GID) within all the groups on the system. If the groups were stored on
the LDAP server, it caused large data to be pulled from the LDAP server on each
invocation of newgrp. The underlying source code has been fixed, and newgrp no
longer tries to find a matching group among all the groups on the system if the
user is a member of the group specified on the command line. Thus no extra data
is pulled from the LDAP server. (BZ#993049)

• The usermod code handled improperly the creation of a new entry in the

/etc/shadow file. As a consequence, the "usermod -p" command failed to set the
new password if the entry in the /etc/shadow file was missing. The updated
usermod code properly creates a new entry in /etc/shadow if it is missing, and
the "usermod -p" command sets the new password correctly even if the user's
entry in /etc/shadow is missing. (BZ#1016516)

Users of shadow-utils are advised to upgrade to these updated packages, which
fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 787742 - pwconv/grpconv skips 2nd of consecutive failures
• BZ - 882272 - manual page for chage do not mention -d 0: root enforced password change
• BZ - 955769 - useradd not assigning correct SELinux user to contexts of home directory files
• BZ - 1011230 - man useradd is incorrect (again)
• BZ - 1016516 - usermod exits with exit status 0 even when it fails.
• BZ - 1089666 - 'usermod -m -d ' should warn that it did not create destination(new)home directory if source home directory does not exist

CVEs

(none)

References

(none)