[ANNOUNCE] util-linux-ng 2.13.1.1 (security update)

From: Karel Zak
Date: Mon Apr 21 2008 - 19:23:23 EST

Next message: Al Viro: "Re: [GIT]: Sparc"
Previous message: Jesper Juhl: "Re: Please pull the (new) Trivial tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The stable util-linux-ng 2.13.1.1 release is available at

ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/

(Note, 2.13.1.1 is a stable security release.)

Feedback and bug reports, as always, are welcomed.

Karel

Util-linux-ng 2.13.1.1 Release Notes (22-Apr-2008)
==================================================

Fixed security issue:
--------------------

- audit log injection attack. This bug allows attackers to write
arbitrary characters to an audit log via a crafted username.

The problem was originally reported for OpenSSH few months ago
(CVE-2007-3102). The login(1) is affected by the same bug when
built with the option "--with-audit".

Changelog:
---------

For more details see ChangeLog files at:
ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/

login:
- audit log injection attack via login [Steve Grubb]
po:
- merge changes [Karel Zak]
- update it.po (from translationproject.org) [Marco Colombo]
- update nl.po (from translationproject.org) [Benno Schulenberg]

--
Karel Zak <kzak@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: [GIT]: Sparc"
Previous message: Jesper Juhl: "Re: Please pull the (new) Trivial tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]