From mboxrd@z Thu Jan 1 00:00:00 1970 From: Karel Zak Subject: [ANNOUNCE] util-linux-ng 2.13.1.1 (security update) Date: Tue, 22 Apr 2008 01:23:08 +0200 Message-ID: <20080421232308.GB3249@nb.net.home> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, util-linux-ng-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Return-path: Content-Disposition: inline Sender: util-linux-ng-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-fsdevel.vger.kernel.org The stable util-linux-ng 2.13.1.1 release is available at ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/ (Note, 2.13.1.1 is a stable security release.) Feedback and bug reports, as always, are welcomed. Karel Util-linux-ng 2.13.1.1 Release Notes (22-Apr-2008) ================================================== Fixed security issue: -------------------- - audit log injection attack. This bug allows attackers to write arbitrary characters to an audit log via a crafted username. The problem was originally reported for OpenSSH few months ago (CVE-2007-3102). The login(1) is affected by the same bug when built with the option "--with-audit". Changelog: --------- For more details see ChangeLog files at: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/ login: - audit log injection attack via login [Steve Grubb] po: - merge changes [Karel Zak] - update it.po (from translationproject.org) [Marco Colombo] - update nl.po (from translationproject.org) [Benno Schulenberg] -- Karel Zak -- To unsubscribe from this list: send the line "unsubscribe util-linux-ng" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html