docs: add hint about chfn & chsh bug and thanks to qualys

author Karel Zak <kzak@redhat.com>

Mon, 24 Aug 2015 09:40:19 +0000 (11:40 +0200)

committer Karel Zak <kzak@redhat.com>

Mon, 24 Aug 2015 09:40:19 +0000 (11:40 +0200)
author Karel Zak <kzak@redhat.com>
Mon, 24 Aug 2015 09:40:19 +0000 (11:40 +0200)
committer Karel Zak <kzak@redhat.com>
Mon, 24 Aug 2015 09:40:19 +0000 (11:40 +0200)
diff --git a/Documentation/releases/v2.27-ReleaseNotes b/Documentation/releases/v2.27-ReleaseNotes

index d537f7ef61445372e5304387b387f865a0bf5291..91a26c0197a7c3f9d6e683a14c08fe1fa6b38cea 100644 (file)
--- a/Documentation/releases/v2.27-ReleaseNotes
+++ b/Documentation/releases/v2.27-ReleaseNotes
@@ -57,6 +57,14 @@ RTC_ALM_READ and RTC_ALM_SET fallbacks any more.
  The util-linux code is possible rebuild with --disable-assert now.
  
  
+Security issues
+---------------
+
+CVE-2015-5224 - chfn, chsh file name collision due to incorrect mkstemp use if
+                compiled without libuser.
+                [thanks to Qualys Security Advisory team; qualys.com]
+
+
  Stable maintenance releases between v2.26 and v2.27
  ---------------------------------------------------
author	Karel Zak <kzak@redhat.com>
	Mon, 24 Aug 2015 09:40:19 +0000 (11:40 +0200)
committer	Karel Zak <kzak@redhat.com>
	Mon, 24 Aug 2015 09:40:19 +0000 (11:40 +0200)