MDVSA-2009:062
- Package name
- shadow-utils
- Date
- 2009-03-02
- Advisory ID
- MDVSA-2009:062
- Affected versions
- 2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , CS4.0 i586
Problem description
A security vulnerability has been identified and fixed in login
application from shadow-utils, which could allow local users in
the utmp group to overwrite arbitrary files via a symlink attack on
a temporary file referenced in a line (aka ut_line) field in a utmp
entry (CVE-2008-5394).
The updated packages have been patched to prevent this.
Note: Mandriva Linux is using login application from util-linux-ng
by default, and therefore is not affected by this issue on default
configuration.
Updated packages
2009.0 x86_64
b53608b463bcbf53e6a1b44e5aa94038 2009.0/x86_64/shadow-utils-4.0.12-17.1mdv2009.0.x86_64.rpm d6e3c01f6acf6924bb3d014d3eca47eb 2009.0/SRPMS/shadow-utils-4.0.12-17.1mdv2009.0.src.rpm
CS4.0 x86_64
a5b683a62a9b173016eb2d974451ca34 corporate/4.0/x86_64/shadow-utils-4.0.12-2.1.20060mlcs4.x86_64.rpm 7da4221820c4450587adcdce390b2a74 corporate/4.0/SRPMS/shadow-utils-4.0.12-2.1.20060mlcs4.src.rpm
MNF2.0 i586
ad2facc0ef1efdb42e5d8e7d461ae902 mnf/2.0/i586/shadow-utils-4.0.3-8.3.C30mdk.i586.rpm b2c0b4d3a30d53fbd1fc933eac4bf79b mnf/2.0/SRPMS/shadow-utils-4.0.3-8.3.C30mdk.src.rpm
2008.0 i586
e82e43f364f91d855f3cd4ff8c7cce1c 2008.0/i586/shadow-utils-4.0.12-8.1mdv2008.0.i586.rpm 5df52461fd4554127eb8124fee26f643 2008.0/SRPMS/shadow-utils-4.0.12-8.1mdv2008.0.src.rpm
2009.0 i586
25cc294b080fe1fefef1abdfe02b0c55 2009.0/i586/shadow-utils-4.0.12-17.1mdv2009.0.i586.rpm d6e3c01f6acf6924bb3d014d3eca47eb 2009.0/SRPMS/shadow-utils-4.0.12-17.1mdv2009.0.src.rpm
CS3.0 x86_64
c7e18849cf9c76fa2e514ff52f2e3acd corporate/3.0/x86_64/shadow-utils-4.0.3-8.3.C30mdk.x86_64.rpm 9b6a92a2a85285c6213adc8805f8c1dc corporate/3.0/SRPMS/shadow-utils-4.0.3-8.3.C30mdk.src.rpm
2008.0 x86_64
f4ec93fe8c573d6a987307eb4f9584c1 2008.0/x86_64/shadow-utils-4.0.12-8.1mdv2008.0.x86_64.rpm 5df52461fd4554127eb8124fee26f643 2008.0/SRPMS/shadow-utils-4.0.12-8.1mdv2008.0.src.rpm
CS3.0 i586
eecf8b2ca9adcd2b07540d89aff4ce88 corporate/3.0/i586/shadow-utils-4.0.3-8.3.C30mdk.i586.rpm 9b6a92a2a85285c6213adc8805f8c1dc corporate/3.0/SRPMS/shadow-utils-4.0.3-8.3.C30mdk.src.rpm
2008.1 x86_64
4268a6e88794f7170a9576ac285aa13e 2008.1/x86_64/shadow-utils-4.0.12-9.1mdv2008.1.x86_64.rpm 79175572afdf677c2baec382aa1fccd9 2008.1/SRPMS/shadow-utils-4.0.12-9.1mdv2008.1.src.rpm
2008.1 i586
2efe1e314945bb00df69f8e51bf69b07 2008.1/i586/shadow-utils-4.0.12-9.1mdv2008.1.i586.rpm 79175572afdf677c2baec382aa1fccd9 2008.1/SRPMS/shadow-utils-4.0.12-9.1mdv2008.1.src.rpm
CS4.0 i586
897e0e969a6947930aaae5429e0af21d corporate/4.0/i586/shadow-utils-4.0.12-2.1.20060mlcs4.i586.rpm 7da4221820c4450587adcdce390b2a74 corporate/4.0/SRPMS/shadow-utils-4.0.12-2.1.20060mlcs4.src.rpm