[Pkg-shadow-devel] shadow released - security bug fix

Nicolas François nicolas.francois at centraliens.net
Sun Nov 23 01:25:50 UTC 2008

I've released shadow to fix two security bugs for login.

Debian and derivatives are affected.
Fedora is not affected (the login used by Fedora is coming from
Gentoo is probably affected.

You can find the archive in:

Here is the comprehensive changelog for this release:

shadow- -> shadow-				23-11-2008

*** security
- Fix a race condition in login that could lead to gaining ownership or
  changing mode of arbitrary files.
- Fix a possible login DOS, which could be caused by injecting forged 
  entries in utmp.

Best Regards,

More information about the Pkg-shadow-devel mailing list