Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: shadow (200305-02)
Date: Tue, 13 May 2003 11:49:59
Message-Id: 20030513101401.6352F33751@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200305-02
6 - - - ---------------------------------------------------------------------
7
8 PACKAGE : shadow
9 SUMMARY : PAM workaround for OpenSSH user identification
10 DATE : 2003-05-13 10:13 UTC
11 EXPLOIT : remote
12 VERSIONS AFFECTED : <shadow-4.0.3-r5
13 FIXED VERSION : >=shadow-4.0.3-r5
14 CVE : CAN-2003-0190
15
16 - - - ---------------------------------------------------------------------
17
18 Updated shadow package that contains a workarkaround for OpenSSH user
19 identification problem discussed in
20 http://lab.mediaservice.net/advisory/2003-01-openssh.txt
21
22 SOLUTION
23
24 It is recommended that all Gentoo Linux users who are running
25 sys-apps/shadow upgrade to shadow-4.0.3-r5 as follows:
26
27 emerge sync
28 emerge shadow
29 emerge clean
30
31 - - - ---------------------------------------------------------------------
32 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
33 - - - ---------------------------------------------------------------------
34 -----BEGIN PGP SIGNATURE-----
35 Version: GnuPG v1.2.2 (GNU/Linux)
36
37 iD8DBQE+wMVnfT7nyhUpoZMRAoZNAKCTGcSblz4eyFjX9t6SjQKgiT4AGgCffbhn
38 0bZpjf6nsRf8RleCZ0vsI1k=
39 =vHZm
40 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups