Paketname
shadow-utils
Datum
2009-03-02
Advisory ID
MDVSA-2009:062
Betroffene Versionen
2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , CS4.0 i586

Problembeschreibung

A security vulnerability has been identified and fixed in login
application from shadow-utils, which could allow local users in
the utmp group to overwrite arbitrary files via a symlink attack on
a temporary file referenced in a line (aka ut_line) field in a utmp
entry (CVE-2008-5394).

The updated packages have been patched to prevent this.

Note: Mandriva Linux is using login application from util-linux-ng
by default, and therefore is not affected by this issue on default
configuration.

Aktualisierte Pakete

2009.0 x86_64

 b53608b463bcbf53e6a1b44e5aa94038  2009.0/x86_64/shadow-utils-4.0.12-17.1mdv2009.0.x86_64.rpm 
 d6e3c01f6acf6924bb3d014d3eca47eb  2009.0/SRPMS/shadow-utils-4.0.12-17.1mdv2009.0.src.rpm

CS4.0 x86_64

 a5b683a62a9b173016eb2d974451ca34  corporate/4.0/x86_64/shadow-utils-4.0.12-2.1.20060mlcs4.x86_64.rpm 
 7da4221820c4450587adcdce390b2a74  corporate/4.0/SRPMS/shadow-utils-4.0.12-2.1.20060mlcs4.src.rpm

MNF2.0 i586

 ad2facc0ef1efdb42e5d8e7d461ae902  mnf/2.0/i586/shadow-utils-4.0.3-8.3.C30mdk.i586.rpm 
 b2c0b4d3a30d53fbd1fc933eac4bf79b  mnf/2.0/SRPMS/shadow-utils-4.0.3-8.3.C30mdk.src.rpm

2008.0 i586

 e82e43f364f91d855f3cd4ff8c7cce1c  2008.0/i586/shadow-utils-4.0.12-8.1mdv2008.0.i586.rpm 
 5df52461fd4554127eb8124fee26f643  2008.0/SRPMS/shadow-utils-4.0.12-8.1mdv2008.0.src.rpm

2009.0 i586

 25cc294b080fe1fefef1abdfe02b0c55  2009.0/i586/shadow-utils-4.0.12-17.1mdv2009.0.i586.rpm 
 d6e3c01f6acf6924bb3d014d3eca47eb  2009.0/SRPMS/shadow-utils-4.0.12-17.1mdv2009.0.src.rpm

CS3.0 x86_64

 c7e18849cf9c76fa2e514ff52f2e3acd  corporate/3.0/x86_64/shadow-utils-4.0.3-8.3.C30mdk.x86_64.rpm 
 9b6a92a2a85285c6213adc8805f8c1dc  corporate/3.0/SRPMS/shadow-utils-4.0.3-8.3.C30mdk.src.rpm

2008.0 x86_64

 f4ec93fe8c573d6a987307eb4f9584c1  2008.0/x86_64/shadow-utils-4.0.12-8.1mdv2008.0.x86_64.rpm 
 5df52461fd4554127eb8124fee26f643  2008.0/SRPMS/shadow-utils-4.0.12-8.1mdv2008.0.src.rpm

CS3.0 i586

 eecf8b2ca9adcd2b07540d89aff4ce88  corporate/3.0/i586/shadow-utils-4.0.3-8.3.C30mdk.i586.rpm 
 9b6a92a2a85285c6213adc8805f8c1dc  corporate/3.0/SRPMS/shadow-utils-4.0.3-8.3.C30mdk.src.rpm

2008.1 x86_64

 4268a6e88794f7170a9576ac285aa13e  2008.1/x86_64/shadow-utils-4.0.12-9.1mdv2008.1.x86_64.rpm 
 79175572afdf677c2baec382aa1fccd9  2008.1/SRPMS/shadow-utils-4.0.12-9.1mdv2008.1.src.rpm

2008.1 i586

 2efe1e314945bb00df69f8e51bf69b07  2008.1/i586/shadow-utils-4.0.12-9.1mdv2008.1.i586.rpm 
 79175572afdf677c2baec382aa1fccd9  2008.1/SRPMS/shadow-utils-4.0.12-9.1mdv2008.1.src.rpm

CS4.0 i586

 897e0e969a6947930aaae5429e0af21d  corporate/4.0/i586/shadow-utils-4.0.12-2.1.20060mlcs4.i586.rpm 
 7da4221820c4450587adcdce390b2a74  corporate/4.0/SRPMS/shadow-utils-4.0.12-2.1.20060mlcs4.src.rpm

Referenzen