diff --git a/shadow-4.9-subordinate-fix-duplicate-range.patch b/shadow-4.9-subordinate-fix-duplicate-range.patch
new file mode 100644
index 0000000..4840790
--- /dev/null
+++ b/shadow-4.9-subordinate-fix-duplicate-range.patch
@@ -0,0 +1,172 @@
+diff -up shadow-4.9/lib/attr.h.attr1 shadow-4.9/lib/attr.h
+--- shadow-4.9/lib/attr.h.attr1 2026-05-15 10:12:37.710080392 +0200
++++ shadow-4.9/lib/attr.h 2026-05-15 10:12:37.710074405 +0200
+@@ -0,0 +1,25 @@
++#ifndef SHADOW_INCLUDE_LIB_ATTR_H_
++#define SHADOW_INCLUDE_LIB_ATTR_H_
++
++
++#include "config.h"
++
++
++#if defined(__GNUC__)
++# define unused __attribute__((unused))
++# define NORETURN __attribute__((__noreturn__))
++# define format_attr(type, fmt, va) __attribute__((format(type, fmt, va)))
++#else
++# define unused
++# define NORETURN
++# define format_attr(type, fmt, va)
++#endif
++
++#if (__GNUC__ >= 11) && !defined(__clang__)
++# define ATTR_MALLOC(deallocator) [[gnu::malloc(deallocator)]]
++#else
++# define ATTR_MALLOC(deallocator)
++#endif
++
++
++#endif // include guard
+diff -up shadow-4.9/lib/Makefile.am.attr1 shadow-4.9/lib/Makefile.am
+--- shadow-4.9/lib/Makefile.am.attr1 2021-07-22 23:55:35.000000000 +0200
++++ shadow-4.9/lib/Makefile.am 2026-05-15 10:13:33.477931504 +0200
+@@ -11,6 +11,7 @@ libshadow_la_CPPFLAGS += -DVENDORDIR=\"$
+ endif
+
+ libshadow_la_SOURCES = \
++ attr.h \
+ commonio.c \
+ commonio.h \
+ defines.h \
+
+
+From a61cf0068bf8b56dec5a1d42c9e9701199fcbb0f Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar
+Date: Sun, 26 Nov 2023 18:38:40 +0100
+Subject: [PATCH] lib/attr.h: Add ATTR_STRING() attribute macro
+
+It signals that a function parameter is a string _before_ the call.
+
+Suggested-by: Serge Hallyn
+Signed-off-by: Alejandro Colomar
+---
+ lib/attr.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/attr.h b/lib/attr.h
+index 56a2e0c9..b1f153c7 100644
+--- a/lib/attr.h
++++ b/lib/attr.h
+@@ -21,5 +21,11 @@
+ # define ATTR_MALLOC(deallocator)
+ #endif
+
++#if (__GNUC__ >= 14)
++# define ATTR_STRING(...) [[gnu::null_terminated_string_arg(__VA_ARGS__)]]
++#else
++# define ATTR_STRING(...)
++#endif
++
+
+ #endif // include guard
+--
+2.54.0
+
+
+diff -up shadow-4.9/lib/Makefile.am.subordinate-fix-duplicate-range shadow-4.9/lib/Makefile.am
+--- shadow-4.9/lib/Makefile.am.subordinate-fix-duplicate-range 2021-07-22 23:55:35.000000000 +0200
++++ shadow-4.9/lib/Makefile.am 2026-05-15 09:57:53.269280378 +0200
+@@ -61,6 +61,8 @@ libshadow_la_SOURCES = \
+ shadowio.h \
+ shadowmem.c \
+ spawn.c \
++ string/strcmp/streq.c \
++ string/strcmp/streq.h \
+ utent.c
+
+ if WITH_TCB
+diff -up shadow-4.9/lib/string/strcmp/streq.c.subordinate-fix-duplicate-range shadow-4.9/lib/string/strcmp/streq.c
+--- shadow-4.9/lib/string/strcmp/streq.c.subordinate-fix-duplicate-range 2026-05-15 09:55:37.639772757 +0200
++++ shadow-4.9/lib/string/strcmp/streq.c 2026-05-15 09:55:37.639767504 +0200
+@@ -0,0 +1,12 @@
++// SPDX-FileCopyrightText: 2024, Alejandro Colomar
++// SPDX-License-Identifier: BSD-3-Clause
++
++
++#include
++
++#include
++
++#include "string/strcmp/streq.h"
++
++
++extern inline bool streq(const char *s1, const char *s2);
+diff -up shadow-4.9/lib/string/strcmp/streq.h.subordinate-fix-duplicate-range shadow-4.9/lib/string/strcmp/streq.h
+--- shadow-4.9/lib/string/strcmp/streq.h.subordinate-fix-duplicate-range 2026-05-15 09:55:37.639844826 +0200
++++ shadow-4.9/lib/string/strcmp/streq.h 2026-05-15 09:55:37.639821788 +0200
+@@ -0,0 +1,30 @@
++// SPDX-FileCopyrightText: 2024, Alejandro Colomar
++// SPDX-License-Identifier: BSD-3-Clause
++
++
++#ifndef SHADOW_INCLUDE_LIB_STRING_STRCMP_STREQ_H_
++#define SHADOW_INCLUDE_LIB_STRING_STRCMP_STREQ_H_
++
++
++#include
++
++#include
++#include
++
++#include "attr.h"
++
++
++ATTR_STRING(1)
++ATTR_STRING(2)
++inline bool streq(const char *s1, const char *s2);
++
++
++/* Return true if s1 and s2 compare equal. */
++inline bool
++streq(const char *s1, const char *s2)
++{
++ return strcmp(s1, s2) == 0;
++}
++
++
++#endif // include guard
+diff -up shadow-4.9/lib/subordinateio.c.subordinate-fix-duplicate-range shadow-4.9/lib/subordinateio.c
+--- shadow-4.9/lib/subordinateio.c.subordinate-fix-duplicate-range 2026-05-15 09:55:37.628382347 +0200
++++ shadow-4.9/lib/subordinateio.c 2026-05-15 09:56:01.189509187 +0200
+@@ -17,6 +17,8 @@
+ #include
+ #include
+
++#include "string/strcmp/streq.h"
++
+ #define ID_SIZE 31
+
+ /*
+@@ -839,18 +841,10 @@ int list_owner_ranges(const char *owner,
+ have_owner_id = get_owner_id(owner, id_type, id);
+
+ commonio_rewind(db);
+- while ((range = commonio_next(db)) != NULL) {
+- if (0 == strcmp(range->owner, owner)) {
+- if (!append_range(&ranges, range, count++)) {
+- free(ranges);
+- ranges = NULL;
+- count = -1;
+- goto out;
+- }
+- }
+-
+- // Let's also compare with the ID
+- if (have_owner_id == true && 0 == strcmp(range->owner, id)) {
++ while (NULL != (range = commonio_next(db))) {
++ if ( streq(range->owner, owner)
++ || (have_owner_id && streq(range->owner, id)))
++ {
+ if (!append_range(&ranges, range, count++)) {
+ free(ranges);
+ ranges = NULL;
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 8c2fe13..8c3ebf9 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.9
-Release: 16%{?dist}
+Release: 17%{?dist}
 Epoch: 2
 License: BSD and GPLv2+
 URL: https://github.com/shadow-maint/shadow
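Review bot: In `lib/string/strcmp/streq.h`, `streq()` hands both arguments straight to `strcmp()`, and the only guard on them is `ATTR_STRING(1)`/`ATTR_STRING(2)`, which `lib/attr.h` defines as empty unless `__GNUC__ >= 14`, so on older compilers nothing checks that `range->owner`, `owner` or `id` is a valid NUL-terminated string. I would state the precondition where the function is defined, e.g. `/* Return true if s1 and s2 compare equal. Both must be non-null, NUL-terminated strings. */`. In `list_owner_ranges()` the merged test also depends on operand order: `have_owner_id &&` has to stay in front of `streq(range->owner, id)` so that `id` is only read after `get_owner_id()` reported success (the declaration of `id` is outside the hunk, so this is presumed), and the dropped `// Let's also compare with the ID` comment could be replaced by `// Match by name or by numeric ID in a single test, so an owner equal to its own ID is appended once`. The body of `list_owner_ranges()` starts and ends outside the hunk.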
@@ -90,6 +90,11 @@ Patch33: shadow-4.9-shadow-logfd.patch Patch34: shadow-4.9.0-vipw-restore-terminal.patch # https://github.com/shadow-maint/shadow/commit/c1678a9e2759f60a2daf5e136c76fa6e47d6f400 Patch35: shadow-4.9-groupmod-help.patch +# https://github.com/shadow-maint/shadow/commit/44b8f7b3ef9efec1c3ee03a1220c86d10bbf0b10 +# https://github.com/shadow-maint/shadow/commit/a61cf0068bf8b56dec5a1d42c9e9701199fcbb0f +# https://github.com/shadow-maint/shadow/commit/67c42427a0941a4b47c04e8a95322be9d069ff32 +# https://github.com/shadow-maint/shadow/commit/02e930892590efd4023586696d05ce7ce2838e0f +Patch36: shadow-4.9-subordinate-fix-duplicate-range.patch ### Dependencies ### Requires: audit-libs >= 1.6.5 @@ -186,6 +191,7 @@ Development files for shadow-utils-subid. %patch33 -p1 -b .shadow-logfd %patch34 -p1 -b .vipw-restore-terminal %patch35 -p1 -b .groupmod-help +%patch36 -p1 -b .subordinate-fix-duplicate-range iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -356,6 +362,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_libdir}/libsubid.so %changelog +* Fri May 15 2026 Iker Pedrosa - 2:4.9-17 +- subordinateio.c: list_owner_ranges(): Fix duplicate range when + username matches ID. Resolves: RHEL-175708 + * Tue Dec 9 2025 Iker Pedrosa - 2:4.9-16 - groupmod.c: --help wfix. Resolves: RHEL-130879