-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:208
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : setup
Date : April 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated setup package fixes security vulnerability:
An issue has been identified in Mandriva Business Server 2's setup
package where the /etc/shadow and /etc/gshadow files containing
password hashes were created with incorrect permissions, making them
world-readable (mga#14516).
This update fixes this issue by enforcing that those files are owned
by the root user and shadow group, and are only readable by those
two entities.
Note that this issue only affected new Mandriva Business Server
2 installations. System