docs: add hint about chfn & chsh bug and thanks to qualys

Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2015-08-24 11:40:19 +0200
committer: Karel Zak 2015-08-24 11:40:19 +0200
commit: 6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9 (patch)
tree: 4130fcfdaf8741af067fc74e888fa7d503e371a8 /Documentation/releases
parent: libblkid: added drbdmanage control volume detection. (diff)
download: kernel-qcow2-util-linux-6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9.tar.gz
kernel-qcow2-util-linux-6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9.tar.xz
kernel-qcow2-util-linux-6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/Documentation/releases/v2.27-ReleaseNotes b/Documentation/releases/v2.27-ReleaseNotes
index d537f7ef6..91a26c019 100644
--- a/Documentation/releases/v2.27-ReleaseNotes
+++ b/Documentation/releases/v2.27-ReleaseNotes
@@ -57,6 +57,14 @@ RTC_ALM_READ and RTC_ALM_SET fallbacks any more.
 The util-linux code is possible rebuild with --disable-assert now.
 
 
+Security issues
+---------------
+
+CVE-2015-5224 - chfn, chsh file name collision due to incorrect mkstemp use if
+                compiled without libuser.
+                [thanks to Qualys Security Advisory team; qualys.com]
+
+
 Stable maintenance releases between v2.26 and v2.27
 ---------------------------------------------------
author	Karel Zak	2015-08-24 11:40:19 +0200
committer	Karel Zak	2015-08-24 11:40:19 +0200
commit	6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9 (patch)
tree	4130fcfdaf8741af067fc74e888fa7d503e371a8 /Documentation/releases
parent	libblkid: added drbdmanage control volume detection. (diff)
download	kernel-qcow2-util-linux-6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9.tar.gz kernel-qcow2-util-linux-6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9.tar.xz kernel-qcow2-util-linux-6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9.zip