| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080421232308.GB3249@nb.net.home>
Date: Tue, 22 Apr 2008 01:23:08 +0200
From: Karel Zak <kzak@...hat.com>
To: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
util-linux-ng@...r.kernel.org
Subject: [ANNOUNCE] util-linux-ng 2.13.1.1 (security update)
The stable util-linux-ng 2.13.1.1 release is available at
ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/
(Note, 2.13.1.1 is a stable security release.)
Feedback and bug reports, as always, are welcomed.
Karel
Util-linux-ng 2.13.1.1 Release Notes (22-Apr-2008)
==================================================
Fixed security issue:
--------------------
- audit log injection attack. This bug allows attackers to write
arbitrary characters to an audit log via a crafted username.
The problem was originally reported for OpenSSH few months ago
(CVE-2007-3102). The login(1) is affected by the same bug when
built with the option "--with-audit".
Changelog:
---------
For more details see ChangeLog files at:
ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/
login:
- audit log injection attack via login [Steve Grubb]
po:
- merge changes [Karel Zak]
- update it.po (from translationproject.org) [Marco Colombo]
- update nl.po (from translationproject.org) [Benno Schulenberg]
--
Karel Zak <kzak@...hat.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists