Shadow: Privilege escalation Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. shadow 2020-08-25 2020-08-25 702252 local 4.8-r3 4.8-r3

Shadow is a set of tools to deal with user accounts.

When Shadow was installed with the PAM use flag, setuid binaries provided by Shadow were not properly restricted.

A local attacker could escalate privileges to root.

There is no known workaround at this time.

All Shadow users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.8-r3" CVE-2019-19882 Upstream mitigation sam_c sam_c