|
|
| Problem Description |
Argument injection vulnerability in login (login-utils/login.c) in
util-linux-ng 2.14 and earlier makes it easier for remote attackers
to hide activities by modifying portions of log events.
The updated packages have been patched to fix the issue.
| Updated Packages |
Mandriva Linux 2008.0
68147e6be623d5f5cf35dbcdaaa95e43 2008.0/i586/util-linux-ng-2.13-3.4mdv2008.0.i586.rpm 2d6b73d6597206254ed402cb37507ea8 2008.0/SRPMS/util-linux-ng-2.13-3.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
bb1a116b1d9d43c07db5b1ca0d0d6c88 2008.0/x86_64/util-linux-ng-2.13-3.4mdv2008.0.x86_64.rpm 2d6b73d6597206254ed402cb37507ea8 2008.0/SRPMS/util-linux-ng-2.13-3.4mdv2008.0.src.rpm
Mandriva Linux 2008.1
f32a688af204cd9b60e540704006f286 2008.1/i586/util-linux-ng-2.13.1-5.1mdv2008.1.i586.rpm 7d01115ccb7ffd86b5a756455c5429b5 2008.1/SRPMS/util-linux-ng-2.13.1-5.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64
fa1f9a6b27b10b57ba69323536d18ab7 2008.1/x86_64/util-linux-ng-2.13.1-5.1mdv2008.1.x86_64.rpm 7d01115ccb7ffd86b5a756455c5429b5 2008.1/SRPMS/util-linux-ng-2.13.1-5.1mdv2008.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.