CentOS Errata and Security Advisory CESA-2005:864
The udev package contains an implementation of devfs in userspace using sysfs and /sbin/hotplug.
Richard Cunningham discovered a flaw in the way udev sets permissions on various files in /dev/input. It may be possible for an authenticated attacker to gather sensitive data entered by a user at the console, such as passwords. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3631 to this issue.
All users of udev should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
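A permission check to run on a host, as an added example that is not part of the advisory or of the udev package. The advisory does not state which modes were wrong, so the script assumes that the exposure is a node under /dev/input that users outside the owner and group can read or write. The function name `audit_input_nodes` is hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the advisory): list nodes under /dev/input whose
# "other" read or write bit is set.
# Assumption: the risk in CESA-2005:864 is input nodes accessible to users
# who are neither the owner nor in the owning group.

audit_input_nodes() {
    # Directory to audit; defaults to the path named in the advisory.
    dir=${1:-/dev/input}

    # -perm -004 / -perm -002: "other" read / write bit set (POSIX find syntax).
    # Directories and symlinks (e.g. by-id/, by-path/) are skipped so that only
    # the nodes themselves are reported.
    # Output format per line: octal mode, owner:group, path.
    findings=$(find "$dir" ! -type d ! -type l \
                   \( -perm -004 -o -perm -002 \) \
                   -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | sort -k3)

    # No output means nothing is exposed to "other": success.
    if [ -z "$findings" ]; then
        return 0
    fi

    # Report every flagged node and signal failure to the caller.
    printf '%s\n' "$findings"
    return 1
}

# Usage on a live system:
#   audit_input_nodes            # audits /dev/input
#   audit_input_nodes /some/dir  # audits another directory
```

A non-zero return status means at least one node was flagged; running the check before and after installing the updated packages shows whether the permissions changed.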
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2005-December/024534.html
http://lists.centos.org/pipermail/centos-announce/2005-December/024541.html
http://lists.centos.org/pipermail/centos-announce/2005-December/024554.html
http://lists.centos.org/pipermail/centos-announce/2005-December/024561.html
http://lists.centos.org/pipermail/centos-announce/2005-December/024562.html
Affected packages: udev
Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-864.html