Fedora Legacy Test Update Notification: udev

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Feb 26 16:12:39 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-175818
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175818
2006-02-26
---------------------------------------------------------------------

Name        : udev
Versions    : fc2: udev-024-6.2.legacy
Versions    : fc3: udev-039-10.FC3.9.legacy
Summary     : A userspace implementation of devfs
Description :
udev is a implementation of devfs in userspace using sysfs and
/sbin/hotplug. It requires a 2.6 kernel to run properly.

---------------------------------------------------------------------
Update Information:

Updated udev packages that fix a security issue are now available.

The udev package contains an implementation of devfs in userspace using
sysfs and /sbin/hotplug.

Richard Cunningham discovered a flaw in the way udev sets permissions on
various files in /dev/input. It may be possible for an authenticated
attacker to gather sensitive data entered by a user at the console, such
as passwords. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3631 to this issue.

All users of udev should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

fc2:
* Sun Feb 26 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
024-6.2.legacy
- Added missing glib2-devel to BuildRequires

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
024-6.1.legacy
- Changed permissions for input to fix CVE-2005-3631

fc3:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> -
039-10.FC3.9.legacy
- Change input permissions to fix CVE-2005-3631

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc2:
d2b2850b4066a595a4d3c162e151dc27c5b43198
fedora/2/updates-testing/i386/udev-024-6.2.legacy.i386.rpm
9ed5ef68d64987f8f644da065399d6885e7e1176
fedora/2/updates-testing/SRPMS/udev-024-6.2.legacy.src.rpm

fc3:
a2682a89f6fe03c2f2c2401caa511c299c1ae1cc
fedora/3/updates-testing/i386/udev-039-10.FC3.9.legacy.i386.rpm
fbcf92e15337b34511d4a305100d6797d644a84e
fedora/3/updates-testing/x86_64/udev-039-10.FC3.9.legacy.x86_64.rpm
fe4e15a6ac3d4d80ce3db01f08a75c93985964e8
fedora/3/updates-testing/SRPMS/udev-039-10.FC3.9.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060226/a1a4634e/attachment.sig>

More information about the fedora-legacy-list mailing list