'[Pkg-shadow-devel] shadow 4.1.2.2 released - security bug fix'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pkg-shadow-devel
Subject:    [Pkg-shadow-devel] shadow 4.1.2.2 released - security bug fix
From:       Nicolas =?iso-8859-1?Q?Fran=E7ois?= <nicolas.francois () centraliens ! net>
Date:       2008-11-23 1:25:50
Message-ID: 20081123012550.GA620 () nekral ! nekral ! homelinux ! net
[Download RAW message or body]

Hello,                                                                          
                                                                                
I've released shadow 4.1.2.2 to fix two security bugs for login.

Debian and derivatives are affected.
Fedora is not affected (the login used by Fedora is coming from
util-linux-ng)
Gentoo is probably affected.

You can find the 4.1.2.2 archive in:
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.2.2.tar.bz2
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.2.2.tar.bz2.sig

Here is the comprehensive changelog for this release:

shadow-4.1.2.1 -> shadow-4.1.2.2				23-11-2008

*** security
- Fix a race condition in login that could lead to gaining ownership or
  changing mode of arbitrary files.
- Fix a possible login DOS, which could be caused by injecting forged 
  entries in utmp.

Best Regards,
-- 
Nekral


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic