udev security update

ID CESA-2005:864
Type centos
Reporter CentOS Project
Modified 2005-12-22T16:00:54


CentOS Errata and Security Advisory CESA-2005:864

The udev package contains an implementation of devfs in userspace using sysfs and /sbin/hotplug.

Richard Cunningham discovered a flaw in the way udev sets permissions on various files in /dev/input. It may be possible for an authenticated attacker to gather sensitive data entered by a user at the console, such as passwords. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3631 to this issue.

All users of udev should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-December/024534.html http://lists.centos.org/pipermail/centos-announce/2005-December/024541.html http://lists.centos.org/pipermail/centos-announce/2005-December/024554.html http://lists.centos.org/pipermail/centos-announce/2005-December/024561.html http://lists.centos.org/pipermail/centos-announce/2005-December/024562.html

Affected packages: udev

Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-864.html