Red Hat Product Errata RHSA-2025:20145 - Security Advisory
Issued:
2025-11-11
Updated:
2025-11-11

RHSA-2025:20145 - Security Advisory

Synopsis

Low: shadow-utils security update

Type/Severity

Security Advisory: Low

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for shadow-utils is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.

Security Fix(es):

  • shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

  • BZ - 2334165 - CVE-2024-56433 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise
  • RHEL-105943 - [rhel-10.1] Podman system test - as user - Found no UID ranges set aside for user

Red Hat Enterprise Linux for x86_64 10

SRPM
shadow-utils-4.15.0-8.el10.src.rpm SHA-256: de2c630290f3ebd481d04ad7b00d908a09a851025d617329efddb53b081a4fc9
x86_64
shadow-utils-4.15.0-8.el10.x86_64.rpm SHA-256: 8d7e3846a08b620dbde011b15b8e058f579fccf3a1989c4321beaaf68631cc87
shadow-utils-debuginfo-4.15.0-8.el10.x86_64.rpm SHA-256: 955381811ca7c4c6ee15fe317dbf33f8e832b46c34863c0b6eda83d0f0dfd7b1
shadow-utils-debugsource-4.15.0-8.el10.x86_64.rpm SHA-256: 8e052c7414e8376c87805b2e4b9e8888cc4b0b0b21293b85cc4752514deda4b0
shadow-utils-subid-4.15.0-8.el10.x86_64.rpm SHA-256: 62be0b741a7af394047a88cc4d30c6fce1275c77b97d5f8d28b6683e4c1308bb
shadow-utils-subid-debuginfo-4.15.0-8.el10.x86_64.rpm SHA-256: a039df68487041c63eb2c084433fef4162bcb60d30bca2e8e4e9eccff4435235

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
shadow-utils-4.15.0-8.el10.src.rpm SHA-256: de2c630290f3ebd481d04ad7b00d908a09a851025d617329efddb53b081a4fc9
s390x
shadow-utils-4.15.0-8.el10.s390x.rpm SHA-256: 9483bcaca4306cbb6879bf49027d56f88f8db3b98057af5591a36410d5f03f23
shadow-utils-debuginfo-4.15.0-8.el10.s390x.rpm SHA-256: 6558d1475319c90c6b53ed4084a27c283bdd407331e5e62f6335ec80e03d9656
shadow-utils-debugsource-4.15.0-8.el10.s390x.rpm SHA-256: 4bc72bf3a56bb22daf9812f848c18a72398861ce89ed1692027c86cb49507eb7
shadow-utils-subid-4.15.0-8.el10.s390x.rpm SHA-256: ab7f4f8b67220e2bab49e33103090f2006216e034766e47e31c1cfe0fd27a678
shadow-utils-subid-debuginfo-4.15.0-8.el10.s390x.rpm SHA-256: e32132065436f9735daab4f1b66ab4998fa9ab18cf70c3efec07ff607028d7f2

Red Hat Enterprise Linux for Power, little endian 10

SRPM
shadow-utils-4.15.0-8.el10.src.rpm SHA-256: de2c630290f3ebd481d04ad7b00d908a09a851025d617329efddb53b081a4fc9
ppc64le
shadow-utils-4.15.0-8.el10.ppc64le.rpm SHA-256: cf897c8b1e9348387cef8cbeaeb123de3bfebc87834dab609f257650d6a1bffb
shadow-utils-debuginfo-4.15.0-8.el10.ppc64le.rpm SHA-256: 80a5319c854b709335e33fb142c1df75c0428216e1ae21e9b7f579cf99a68887
shadow-utils-debugsource-4.15.0-8.el10.ppc64le.rpm SHA-256: 66e61c5508917559c9d5dd8a9b2905728c99203b8b0bacc4286b1f7a198f5351
shadow-utils-subid-4.15.0-8.el10.ppc64le.rpm SHA-256: 80583958a5ade6fdb3eb2612e4173872482d5dd6fc71c9f0723939e05e882d9d
shadow-utils-subid-debuginfo-4.15.0-8.el10.ppc64le.rpm SHA-256: 8b4253a59fed22712a8a6bca57a3f8e9c51d179d9d3fdb29e7785e8ffe46821e

Red Hat Enterprise Linux for ARM 64 10

SRPM
shadow-utils-4.15.0-8.el10.src.rpm SHA-256: de2c630290f3ebd481d04ad7b00d908a09a851025d617329efddb53b081a4fc9
aarch64
shadow-utils-4.15.0-8.el10.aarch64.rpm SHA-256: 70422e108ff0dda4699e1ca894e4df1d04d61828dc598e100a86e62d38595c77
shadow-utils-debuginfo-4.15.0-8.el10.aarch64.rpm SHA-256: b4f00b87765e976644a222a632e020e14803f8e166e0882e8f1602852b28272e
shadow-utils-debugsource-4.15.0-8.el10.aarch64.rpm SHA-256: efb6b3a2e331f036e211000968fcbc11a7c45ca5f4faedd84f5c30b904b5c601
shadow-utils-subid-4.15.0-8.el10.aarch64.rpm SHA-256: a15c31e6338d58682380f0c9e238a1aa544c8adad8a2f880873838fde35a4a93
shadow-utils-subid-debuginfo-4.15.0-8.el10.aarch64.rpm SHA-256: cb2af1ce6e41ee061b64cdcbff53fc6add26dc1f46bfa01117f4d9ef32b0771d

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
shadow-utils-debuginfo-4.15.0-8.el10.x86_64.rpm SHA-256: 955381811ca7c4c6ee15fe317dbf33f8e832b46c34863c0b6eda83d0f0dfd7b1
shadow-utils-debugsource-4.15.0-8.el10.x86_64.rpm SHA-256: 8e052c7414e8376c87805b2e4b9e8888cc4b0b0b21293b85cc4752514deda4b0
shadow-utils-subid-debuginfo-4.15.0-8.el10.x86_64.rpm SHA-256: a039df68487041c63eb2c084433fef4162bcb60d30bca2e8e4e9eccff4435235
shadow-utils-subid-devel-4.15.0-8.el10.x86_64.rpm SHA-256: ac66f2eafc1caa7d9d15df00b14c832d361edd158e84e4e40676cc1d51b0e55d

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
shadow-utils-debuginfo-4.15.0-8.el10.ppc64le.rpm SHA-256: 80a5319c854b709335e33fb142c1df75c0428216e1ae21e9b7f579cf99a68887
shadow-utils-debugsource-4.15.0-8.el10.ppc64le.rpm SHA-256: 66e61c5508917559c9d5dd8a9b2905728c99203b8b0bacc4286b1f7a198f5351
shadow-utils-subid-debuginfo-4.15.0-8.el10.ppc64le.rpm SHA-256: 8b4253a59fed22712a8a6bca57a3f8e9c51d179d9d3fdb29e7785e8ffe46821e
shadow-utils-subid-devel-4.15.0-8.el10.ppc64le.rpm SHA-256: 0999df8b1d989ccd841c8145405229cf3e645fb70fd2e1ba8381f2f8e4b2b695

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
shadow-utils-debuginfo-4.15.0-8.el10.aarch64.rpm SHA-256: b4f00b87765e976644a222a632e020e14803f8e166e0882e8f1602852b28272e
shadow-utils-debugsource-4.15.0-8.el10.aarch64.rpm SHA-256: efb6b3a2e331f036e211000968fcbc11a7c45ca5f4faedd84f5c30b904b5c601
shadow-utils-subid-debuginfo-4.15.0-8.el10.aarch64.rpm SHA-256: cb2af1ce6e41ee061b64cdcbff53fc6add26dc1f46bfa01117f4d9ef32b0771d
shadow-utils-subid-devel-4.15.0-8.el10.aarch64.rpm SHA-256: 3d4562f011ab250a0f7ca90627be4b7d2ea4010b86646c249ffb3481f6518f89

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
shadow-utils-debuginfo-4.15.0-8.el10.s390x.rpm SHA-256: 6558d1475319c90c6b53ed4084a27c283bdd407331e5e62f6335ec80e03d9656
shadow-utils-debugsource-4.15.0-8.el10.s390x.rpm SHA-256: 4bc72bf3a56bb22daf9812f848c18a72398861ce89ed1692027c86cb49507eb7
shadow-utils-subid-debuginfo-4.15.0-8.el10.s390x.rpm SHA-256: e32132065436f9735daab4f1b66ab4998fa9ab18cf70c3efec07ff607028d7f2
shadow-utils-subid-devel-4.15.0-8.el10.s390x.rpm SHA-256: 6ab972e19d65acb9dda14a866af374530d5e2dfd73d83a7fe08f7e1a37673ed5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.