2 files changed, +18 -5 lines changed
1+ # CVE-2023-4641: gpasswd: memory leak in getpass() function
2+ # Backport fix from https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
3+ # Signed-off-by: Archana Choudhary <archana1@microsoft.com>
4+ --- a/src/gpasswd.c 2021-07-22 21:50:51.000000000 +0000
5+ +++ b/src/gpasswd.c 2025-04-14 13:34:13.478082742 +0000
6+ @@ -919,6 +919,7 @@
7+ strzero (cp);
8+ cp = getpass (_("Re-enter new password: "));
9+ if (NULL == cp) {
10+ + memzero (pass, sizeof pass);
11+ exit (1);
12+ }
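Review bot: The header comment on line 1 of the new patch file calls this a "memory leak in getpass()", but the only change is `memzero (pass, sizeof pass);` before `exit (1)` on the path where the "Re-enter new password" `getpass` returns NULL, which scrubs a buffer rather than freeing one. Reword the header to say that `pass` was left uncleared on that exit path, and confirm that `pass` is declared as an array in the 4.9 source so that `sizeof pass` covers the whole buffer and not just a pointer.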
11Summary: Programs for handling passwords in a secure way
22Name: shadow-utils
33Version: 4.9
4- Release: 13 %{?dist }
4+ Release: 14 %{?dist }
55License: BSD
66Vendor: Microsoft Corporation
77Distribution: Mariner
@@ -23,6 +23,7 @@ Source13: login-defs
2323Patch0: chkname-allowcase.patch
2424Patch1: libsubid-pam-link.patch
2525Patch2: CVE-2023-29383.patch
26+ Patch3: CVE-2023-4641.patch
2627BuildRequires: autoconf
2728BuildRequires: audit-devel
2829BuildRequires: automake
@@ -68,10 +69,7 @@ Requires: %{name}-subid = %{version}-%{release}
6869Libraries and headers for libsubid
6970
7071%prep
71- %setup -q -n shadow-%{version }
72- %patch0 -p1
73- %patch1 -p1
74- %patch2 -p1
72+ %autosetup -n shadow-%{version } -p1
7573
7674autoreconf -fiv
7775
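Review bot: Replacing the three explicit `%patch` lines in `%prep` with `%autosetup -n shadow-%{version } -p1` changes more than this CVE needs: every `PatchN` declared in the spec is now applied automatically at `-p1`, so a patch added later is picked up without any matching line here. That fits the new patch, whose paths are `a/src/gpasswd.c` and `b/src/gpasswd.c`, but if the macro change is intended, confirm that Patch0 through Patch3 all still apply cleanly at `-p1` now that the per-patch lines are gone.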
@@ -178,6 +176,9 @@ chmod 000 %{_sysconfdir}/shadow
178176%{_libdir }/libsubid.so
179177
180178%changelog
179+ * Wed Jan 15 2025 Archana Choudhary <archana1@microsoft.com> - 4.9-14
180+ - Patch for CVE-2023-4641
181+
181182* Wed Sep 20 2023 Kanika Nema <kanikanema@microsoft.com> - 4.9-13
182183- Recompile with stack-protection fixed gcc version (CVE-2023-4039)
183184- Address CVE-2023-29383
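Review bot: The new 4.9-14 changelog entry is dated Wed Jan 15 2025, while the `+++ b/src/gpasswd.c` line in the added patch carries 2025-04-14, so the entry predates the patch it describes; check the date before merging. The entry also says nothing about the move from explicit `%patch` lines to `%autosetup` in `%prep`, which is worth a second bullet so a later reader does not look for a missing `%patch3`.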