| |||||||||||||||||||
Pardus alert 2011-47 (shadow)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-47 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-21 Severity: 4 Type: Local ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in shadow, which can be exploited by malicious people to inject newlines into the /etc/passwd file. Description =========== CVE-2011-0721: Multiple CRLF injection vulnerabilities in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. Affected packages: Pardus 2011: shadow, all before 4.1.4.2-24-p11 Resolution ========== There are update(s) for shadow. You can update them via Package Manager or with a single command from console: pisi up shadow References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=16968 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-... ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||