User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-2013-4571 (libuser)

Subject:  [SECURITY] Fedora 18 Update: libuser-0.58-3.fc18
Date:  Thu, 18 Apr 2013 02:46:59 +0000
Message-ID:  <>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-4571 2013-03-30 21:01:23 -------------------------------------------------------------------------------- Name : libuser Product : Fedora 18 Version : 0.58 Release : 3.fc18 URL : Summary : A user and group account administration library Description : The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. -------------------------------------------------------------------------------- Update Information: This update fixes a TOCTOU race condition when copying and removing directory trees. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 15 2013 Hercinger Viktor <> - 0.58-3 - Fixed TOCTOU race condition when copying, removing or creating directory trees Resolves: #928846, CVE-2012-5630, CVE-2012-5644 * Mon Feb 4 2013 Miloslav Trma─Ź <> - 0.58-2 - Always use secure_getenv() or __secure_getenv(), fail build if neither is available. Patch by Viktor Hercinger <>. -------------------------------------------------------------------------------- References: [ 1 ] Bug #884685 - CVE-2012-5630 libuser: TOCTOU race conditions by copying and removing directory trees [ 2 ] Bug #885724 - CVE-2012-5644 libuser: (Complete) Information disclosure when moving user's home directory -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libuser' at the command line. For more information, refer to "Managing Software with yum", available at All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds