- Issued:
- 2025-11-11
- Updated:
- 2025-11-11
RHSA-2025:20559 - Security Advisory
Synopsis
Low: shadow-utils security update
Type/Severity
Security Advisory: Low
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for shadow-utils is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.
Security Fix(es):
- shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2334165 - CVE-2024-56433 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise
- RHEL-70844 - The read command suspends on SIGTTOU because vipw does not restore terminal pgid.
- RHEL-72940 - vipw/vigr affect bash because it does not restore terminal pgid.
- RHEL-105945 - [rhel-9.7] Podman system test - as user - Found no UID ranges set aside for user
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 9
| SRPM | |
|---|---|
| shadow-utils-4.9-15.el9.src.rpm | SHA-256: c6feefc65a20ec4203979e0cde4d4a6d86981ac7c836e55148273bd9fc2b57b2 |
| x86_64 | |
| shadow-utils-4.9-15.el9.x86_64.rpm | SHA-256: 297d8d9785fb98fd8e0c13eec05ee2da08db24e4e6099730b18f6a820b851c51 |
| shadow-utils-debuginfo-4.9-15.el9.i686.rpm | SHA-256: d5aa155cbb783bab80f56c69acae485ef4b1ed2f6f107970b01809408fe95170 |
| shadow-utils-debuginfo-4.9-15.el9.x86_64.rpm | SHA-256: 71fde2a2e07eacc81b5b270f85c42e6840608534cd016119aa00d8e7c74b4481 |
| shadow-utils-debugsource-4.9-15.el9.i686.rpm | SHA-256: 74524f07410b0916f9a9d79daf56cee08ebc190079639de62b601838c542d244 |
| shadow-utils-debugsource-4.9-15.el9.x86_64.rpm | SHA-256: c3a7cfd64a504a9f0e9506c69643354f51fff010739860765cc32d374503d2f4 |
| shadow-utils-subid-4.9-15.el9.i686.rpm | SHA-256: cee68898434a1c8643e2e6a5af4945f51a774c874b2ee2ece8897596725af7c1 |
| shadow-utils-subid-4.9-15.el9.x86_64.rpm | SHA-256: dd1fb90430220033adbd4c52c5c1d53323acc011245b73aafefbc9fa33f40a2b |
| shadow-utils-subid-debuginfo-4.9-15.el9.i686.rpm | SHA-256: d3c8929e78f66692c9fa3fc5161d116731c8508f0b71dfbb5e4a6ac11043c356 |
| shadow-utils-subid-debuginfo-4.9-15.el9.x86_64.rpm | SHA-256: 40a3960063859b5974e20bfd1ebcd7af4f596b24eaf05d87db531aaac88b9881 |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM | |
|---|---|
| shadow-utils-4.9-15.el9.src.rpm | SHA-256: c6feefc65a20ec4203979e0cde4d4a6d86981ac7c836e55148273bd9fc2b57b2 |
| s390x | |
| shadow-utils-4.9-15.el9.s390x.rpm | SHA-256: 2eb4f76ccae0aa1a7c3c558a574ee7dae2541fc65004122035e5348dbd50a51a |
| shadow-utils-debuginfo-4.9-15.el9.s390x.rpm | SHA-256: e44b2730c182b065bfd4b0783779fccc9db79a17025e436cad07d1b6aebf2f96 |
| shadow-utils-debugsource-4.9-15.el9.s390x.rpm | SHA-256: 75af0084cb9eaca08525f3731e89238350d1293e4a073149d259043b35bd1ca1 |
| shadow-utils-subid-4.9-15.el9.s390x.rpm | SHA-256: 6c438c31d625078b77a85b45f490f1a821d2c79b828b1185071ebcd3a23428d0 |
| shadow-utils-subid-debuginfo-4.9-15.el9.s390x.rpm | SHA-256: 1cc9c59a0bb27b4625ea652932752d87be4a5d0423adc0510de19a59ff0f5f9b |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM | |
|---|---|
| shadow-utils-4.9-15.el9.src.rpm | SHA-256: c6feefc65a20ec4203979e0cde4d4a6d86981ac7c836e55148273bd9fc2b57b2 |
| ppc64le | |
| shadow-utils-4.9-15.el9.ppc64le.rpm | SHA-256: 306514b0e1eff64bbcf43b53cd73f952e48cd4221c3d215dfe7b1908354f07ca |
| shadow-utils-debuginfo-4.9-15.el9.ppc64le.rpm | SHA-256: 23508f47a3e4098f9ede01e66ba20e49818e12e2323d04bb7525a0324a234fe3 |
| shadow-utils-debugsource-4.9-15.el9.ppc64le.rpm | SHA-256: a1477d8b22452f17134d3e7f192a4998de73adc863ce260bb6e3e05665c2f2d5 |
| shadow-utils-subid-4.9-15.el9.ppc64le.rpm | SHA-256: 4079b6e649dbee38f64f84c6e3d2e96b55cd45912abccb6e7f89602873bb0001 |
| shadow-utils-subid-debuginfo-4.9-15.el9.ppc64le.rpm | SHA-256: e0492faa5f5eb4218b1438a0a3555b0c88659708b8256fd7f15a229583913524 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM | |
|---|---|
| shadow-utils-4.9-15.el9.src.rpm | SHA-256: c6feefc65a20ec4203979e0cde4d4a6d86981ac7c836e55148273bd9fc2b57b2 |
| aarch64 | |
| shadow-utils-4.9-15.el9.aarch64.rpm | SHA-256: 93e53d8bf8f4bf2a3acf0f4f82967598570e24cb4bc2633cb3022a3c70217a74 |
| shadow-utils-debuginfo-4.9-15.el9.aarch64.rpm | SHA-256: e4f34a22fced41457106e1217d8360b8ab1adb8f1f3f815c1eef6f7688f482fc |
| shadow-utils-debugsource-4.9-15.el9.aarch64.rpm | SHA-256: 565746a71f26357e4a41584d94bb9a3aeae0fc4ea14b11472264ee6310bae918 |
| shadow-utils-subid-4.9-15.el9.aarch64.rpm | SHA-256: 8bca26bd499d9d6fea38e95cec40e058f7b6a0a30406b927f029f421c3b08677 |
| shadow-utils-subid-debuginfo-4.9-15.el9.aarch64.rpm | SHA-256: a5748f4e6d5080d1507f92962e3a8f057c075247ae3be12c31fdb3bc6daf3ad8 |
Red Hat CodeReady Linux Builder for x86_64 9
| SRPM | |
|---|---|
| x86_64 | |
| shadow-utils-debuginfo-4.9-15.el9.i686.rpm | SHA-256: d5aa155cbb783bab80f56c69acae485ef4b1ed2f6f107970b01809408fe95170 |
| shadow-utils-debuginfo-4.9-15.el9.x86_64.rpm | SHA-256: 71fde2a2e07eacc81b5b270f85c42e6840608534cd016119aa00d8e7c74b4481 |
| shadow-utils-debugsource-4.9-15.el9.i686.rpm | SHA-256: 74524f07410b0916f9a9d79daf56cee08ebc190079639de62b601838c542d244 |
| shadow-utils-debugsource-4.9-15.el9.x86_64.rpm | SHA-256: c3a7cfd64a504a9f0e9506c69643354f51fff010739860765cc32d374503d2f4 |
| shadow-utils-subid-debuginfo-4.9-15.el9.i686.rpm | SHA-256: d3c8929e78f66692c9fa3fc5161d116731c8508f0b71dfbb5e4a6ac11043c356 |
| shadow-utils-subid-debuginfo-4.9-15.el9.x86_64.rpm | SHA-256: 40a3960063859b5974e20bfd1ebcd7af4f596b24eaf05d87db531aaac88b9881 |
| shadow-utils-subid-devel-4.9-15.el9.i686.rpm | SHA-256: 717344f13f5086be69e32690e77a502463fd2099482b466da5ec16d444db9164 |
| shadow-utils-subid-devel-4.9-15.el9.x86_64.rpm | SHA-256: f0269e2075b5262393390a1c4babfc954d61260530db239b199547dc727ba1df |
Red Hat CodeReady Linux Builder for Power, little endian 9
| SRPM | |
|---|---|
| ppc64le | |
| shadow-utils-debuginfo-4.9-15.el9.ppc64le.rpm | SHA-256: 23508f47a3e4098f9ede01e66ba20e49818e12e2323d04bb7525a0324a234fe3 |
| shadow-utils-debugsource-4.9-15.el9.ppc64le.rpm | SHA-256: a1477d8b22452f17134d3e7f192a4998de73adc863ce260bb6e3e05665c2f2d5 |
| shadow-utils-subid-debuginfo-4.9-15.el9.ppc64le.rpm | SHA-256: e0492faa5f5eb4218b1438a0a3555b0c88659708b8256fd7f15a229583913524 |
| shadow-utils-subid-devel-4.9-15.el9.ppc64le.rpm | SHA-256: 433131319c5267e410ee491415caf7a27837a00bd0b36ebf140cda7334888c63 |
Red Hat CodeReady Linux Builder for ARM 64 9
| SRPM | |
|---|---|
| aarch64 | |
| shadow-utils-debuginfo-4.9-15.el9.aarch64.rpm | SHA-256: e4f34a22fced41457106e1217d8360b8ab1adb8f1f3f815c1eef6f7688f482fc |
| shadow-utils-debugsource-4.9-15.el9.aarch64.rpm | SHA-256: 565746a71f26357e4a41584d94bb9a3aeae0fc4ea14b11472264ee6310bae918 |
| shadow-utils-subid-debuginfo-4.9-15.el9.aarch64.rpm | SHA-256: a5748f4e6d5080d1507f92962e3a8f057c075247ae3be12c31fdb3bc6daf3ad8 |
| shadow-utils-subid-devel-4.9-15.el9.aarch64.rpm | SHA-256: bd9691cf377b2bb428e3547e7903d7bedc10a18a3630f6e246f0265ae7254405 |
Red Hat CodeReady Linux Builder for IBM z Systems 9
| SRPM | |
|---|---|
| s390x | |
| shadow-utils-debuginfo-4.9-15.el9.s390x.rpm | SHA-256: e44b2730c182b065bfd4b0783779fccc9db79a17025e436cad07d1b6aebf2f96 |
| shadow-utils-debugsource-4.9-15.el9.s390x.rpm | SHA-256: 75af0084cb9eaca08525f3731e89238350d1293e4a073149d259043b35bd1ca1 |
| shadow-utils-subid-debuginfo-4.9-15.el9.s390x.rpm | SHA-256: 1cc9c59a0bb27b4625ea652932752d87be4a5d0423adc0510de19a59ff0f5f9b |
| shadow-utils-subid-devel-4.9-15.el9.s390x.rpm | SHA-256: 3e55b76ff358962db8f769c5c4d2db1f59de8ecf5d343c114be76d62f9d085a3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
