A security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line field in a utmp entry . The updated packages have been patched to prevent this. Note: Mandriva Linux is using login application from util-linux-ng by default, and therefore is not affected by this issue on default configuration.