[prev in list] [next in list] [prev in thread] [next in thread]
List: pkg-shadow-devel
Subject: [Pkg-shadow-devel] shadow 4.1.2.2 released - security bug fix
From: Nicolas =?iso-8859-1?Q?Fran=E7ois?= <nicolas.francois () centraliens ! net>
Date: 2008-11-23 1:25:50
Message-ID: 20081123012550.GA620 () nekral ! nekral ! homelinux ! net
[Download RAW message or body]
Hello,
I've released shadow 4.1.2.2 to fix two security bugs for login.
Debian and derivatives are affected.
Fedora is not affected (the login used by Fedora is coming from
util-linux-ng)
Gentoo is probably affected.
You can find the 4.1.2.2 archive in:
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.2.2.tar.bz2
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.2.2.tar.bz2.sig
Here is the comprehensive changelog for this release:
shadow-4.1.2.1 -> shadow-4.1.2.2 23-11-2008
*** security
- Fix a race condition in login that could lead to gaining ownership or
changing mode of arbitrary files.
- Fix a possible login DOS, which could be caused by injecting forged
entries in utmp.
Best Regards,
--
Nekral
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic