Package name
Advisory ID
Affected versions
8.1 i586 , 8.0 i586 , 8.0 i586

Problem description

Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations (ie. using pam_limits), it would overwrite the buffer and cause the user to get the credentials of another user. Thanks to Olaf Kirch for providing the patch to fix the problem.

Updated packages

8.1 i586

 eed8a58dafde65f693ef09c6b638d119  8.1/RPMS/util-linux-2.11h-3.1mdk.i586.rpm
41fc1d59c255aa1c96845c683c780399  8.1/SRPMS/util-linux-2.11h-3.1mdk.src.rpm

8.0 i586

 4ddcd252a9d5b8e683a1b305e904cad4  8.0/RPMS/util-linux-2.10s-3.1mdk.i586.rpm
9f6e4e89aaf34996980e74f3ebbe5014  8.0/SRPMS/util-linux-2.10s-3.1mdk.src.rpm

8.0 i586

 989d97eb47495d2dccd00c8b1d177610  ppc/8.0/RPMS/util-linux-2.11h-3.2mdk.ppc.rpm
7c24f46f6380c192f3b6ae3438e476d0  ppc/8.0/SRPMS/util-linux-2.11h-3.2mdk.src.rpm