Gentoo: shadow user id vulnerability
Posted by LinuxSecurity.com Team   
Gentoo Updated shadow package that contains a workarkaround for OpenSSH user identification problem.

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-02
- - - ---------------------------------------------------------------------

          PACKAGE : shadow
          SUMMARY : PAM workaround for OpenSSH user identification
             DATE : 2003-05-13 10:13 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =shadow-4.0.3-r5
              CVE : CAN-2003-0190

- - - ---------------------------------------------------------------------

Updated shadow package that contains a workarkaround for OpenSSH user
identification problem discussed in  
http://lab.mediaservice.net/advisory/2003-01-openssh.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/shadow upgrade to shadow-4.0.3-r5 as follows:

emerge sync
emerge shadow
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------