Mandriva issued this advisory on January 26: http://lists.mandriva.com/security-announce/2011-01/msg00022.php
Hi, thanks for reporting this bug. As there is no maintainer for this package I added the committers in CC. (Please set the status to 'assigned' if you are working on it)
Keywords: (none) => TriagedCC: (none) => cazzaniga.sandro, mageia, thierry.vignaud
fixed in svn. Please test rpms in updates_testing
CC: (none) => dmorganecAssignee: bugsquad => qa-bugs
$ urpmq --whatrequires libuser libuser libuser1 passwd userdrake Testing x86_64 The following 2 packages are going to be installed: - lib64user1-0.56.18-4.1.mga1.x86_64 - libuser-0.56.18-4.1.mga1.x86_64 Created a new user with userdrake # cat /etc/passwd | grep testuser testuser:x:501:501:Test User:/home/testuser:/bin/bash # cat /etc/group | grep testuser testuser:x:501: # cat /etc/shadow | grep testuser testuser:$2a$08$FCnQFTuULmR.4ztV1WBVL.Ch7uDVwqZiPcT3fOVPkOpBISY.toap2:15342:-1:99999:-1::: Logged in via ssh. Testing complete x86_64 for SRPM libuser-0.56.18-4.1.mga1.src.rpm
CC: thierry.vignaud => (none)
Tested successfully on i586.
Keywords: Triaged => validated_updateCC: (none) => sysadmin-bugs
Suggested advisory: ===================== Updated libuser packages fix security vulnerability: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values (CVE-2011-0002). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://www.mandriva.com/support/security/advisories/?dis=2010.1&name=MDVSA-2011:019 ===================== Updated packages in core/updates_testing: ===================== libuser-0.56.18-4.1.mga1 libuser-devel-0.56.18-4.1.mga1 libuser-ldap-0.56.18-4.1.mga1 libuser-python-0.56.18-4.1.mga1 libuser1-0.56.18-4.1.mga1 from libuser-0.56.18-4.1.mga1.src.rpm =====================
Could sysadmin please push from core/updates_testing to core/updates Thank you!
Hardware: i586 => All
update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED