OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths

Summary OpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before loading env keys. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.1.5 and = 2026.2.21-2 - Fixed on main:...

ypserv allows a local user to modify the GECOS and login shells of other users.

...

bash security, bug fix, and enhancement update

3.2-32 - Dont include backup files Resolves: 700157 3.2-31 - Use 'mktemp' for temporary files Resolves: 700157 3.2-30 - Added man page references to systemwide .bashlogout Resolves: 592979 3.2-29 - Readline glitch, when editing line with more spaces and resizing window Resolves: 525474 3.2-28 - F...

CVE-1999-0901

CVE-1999-0901 affects the ypserv component (noted as ypserv 4.1-4 in some feeds). The description across Red Hat and CVE records states that a local user can modify the GECOS field and login shells of other users, indicating an unauthorized local privilege impact. The Red Hat/Red Hat-linked entri...

AZL-7455 CVE-1999-0901 affecting package ypserv 4.1-4

ypserv allows a local user to modify the GECOS and login shells of other users...

PT-1999-1447 · Ypserv · Ypserv

Name of the Vulnerable Software and Affected Versions: ypserv affected versions not specified Description: The issue allows a local user to modify the GECOS and login shells of other users. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...