udev security update

CentOS Errata and Security Advisory CESA-2005:864

The udev package contains an implementation of devfs in userspace using
sysfs and /sbin/hotplug.

Richard Cunningham discovered a flaw in the way udev sets permissions on
various files in /dev/input. It may be possible for an authenticated
attacker to gather sensitive data entered by a user at the console, such as
passwords. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3631 to this issue.

All users of udev should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-December/074658.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074665.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074678.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074685.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074686.html

Affected packages:
udev

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:864