Many thanks to Pat and team,

I have applied the libuser pre-release patch on a SL 6.6 system.

The yum update is okay, but not too sure how to test the vulnerability.

Did try - chfn  and embedded the literals "\n xxx" to Office prompt,
and that included into /etc/passwd and not regarded as control-N.

Presumably this has fixed the issue.

Thanks again.

Regards,
Peter


-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of [log in to unmask]
Sent: 28 July 2015 08:51
To: [log in to unmask]; [log in to unmask]
Subject: RE: libuser security update for SL 6

Many thanks, Pat, 

It is good to know they are forthcoming.

Regards,
Peter


-----Original Message-----
From: Patrick Riehecky [mailto:[log in to unmask]] 
Sent: 28 July 2015 00:44
To: Chiu, Peter (STFC,RAL,RALSP); scientific-linux-users
Subject: RE: libuser security update for SL 6

The libuser security packages (along with the rest of the 6.7 security errata) have been pushed into SL6's testing repo.

A formal announcement will be forthcoming, but we are still evaluating our build of 6.7.

Pat

--
Pat Riehecky
Scientific Linux developer

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org

________________________________________
From: Mailing list for Scientific Linux users worldwide [[log in to unmask]] on behalf of Peter C.  Chiu [[log in to unmask]]
Sent: Monday, July 27, 2015 11:25 AM
To: scientific-linux-users
Subject: [SCIENTIFIC-LINUX-USERS] libuser security update for SL 6

Hello,

I wonder if there is any news on the security update on libuser for SL 6?

Thanks a lot.

Peter