Shadow contains utilities to deal with user accounts
A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes usermod/userdel.
An unauthorized user could potentially modify files which they do not have write permissions for.
There is no known workaround at this time.
All Shadow users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.12.2"