Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
Steps to Reproduce:
I'll look into this and try to get it updated today or tomorrow at the latest.
5.5.4 added into portage -- amd64 and arm people, please mark stable and let us know when you have.
arm stable ;)
Still waiting for amd64 to mark stable.
Thanks. This one is now ready for a GLSA