Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2008:114

Package name: util-linux-ng
Date: 2008-06-13
Advisory ID: MDVSA-2008:114
Affected versions: 2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

Argument injection vulnerability in login (login-utils/login.c) in
util-linux-ng 2.14 and earlier makes it easier for remote attackers
to hide activities by modifying portions of log events.

The updated packages have been patched to fix the issue.

Updated packages

2008.1 i586

 f32a688af204cd9b60e540704006f286  2008.1/i586/util-linux-ng-2.13.1-5.1mdv2008.1.i586.rpm 
 7d01115ccb7ffd86b5a756455c5429b5  2008.1/SRPMS/util-linux-ng-2.13.1-5.1mdv2008.1.src.rpm

2008.1 x86_64

 fa1f9a6b27b10b57ba69323536d18ab7  2008.1/x86_64/util-linux-ng-2.13.1-5.1mdv2008.1.x86_64.rpm 
 7d01115ccb7ffd86b5a756455c5429b5  2008.1/SRPMS/util-linux-ng-2.13.1-5.1mdv2008.1.src.rpm

2008.0 i586

 68147e6be623d5f5cf35dbcdaaa95e43  2008.0/i586/util-linux-ng-2.13-3.4mdv2008.0.i586.rpm 
 2d6b73d6597206254ed402cb37507ea8  2008.0/SRPMS/util-linux-ng-2.13-3.4mdv2008.0.src.rpm

2008.0 x86_64

 bb1a116b1d9d43c07db5b1ca0d0d6c88  2008.0/x86_64/util-linux-ng-2.13-3.4mdv2008.0.x86_64.rpm 
 2d6b73d6597206254ed402cb37507ea8  2008.0/SRPMS/util-linux-ng-2.13-3.4mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926