[ANNOUNCE] util-linux-ng 2.13.1.1 (security update)

[ANNOUNCE] util-linux-ng 2.13.1.1 (security update)

[Karel Zak]

The stable util-linux-ng 2.13.1.1 release is available at

    ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/


(Note, 2.13.1.1 is a stable security release.)

Feedback and bug reports, as always, are welcomed.


	Karel


Util-linux-ng 2.13.1.1 Release Notes (22-Apr-2008)
==================================================

Fixed security issue:
--------------------

 - audit log injection attack. This bug allows attackers to write
   arbitrary characters to an audit log via a crafted username.

 The problem was originally reported for OpenSSH few months ago
 (CVE-2007-3102). The login(1) is affected by the same bug when
 built with the option "--with-audit".


Changelog:
---------

 For more details see ChangeLog files at:
 ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/


login:
   - audit log injection attack via login  [Steve Grubb]
po:
   - merge changes  [Karel Zak]
   - update it.po (from translationproject.org)  [Marco Colombo]
   - update nl.po (from translationproject.org)  [Benno Schulenberg]

-- 
 Karel Zak  <kzak-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
--
To unsubscribe from this list: send the line "unsubscribe util-linux-ng" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html