
Today, while refactoring the sidux installer, a potential local privilege escalation issue was discovered: the installer leaves a copy of its configuration file on the target system. This configuration file contains the salted MD5 password hashes for root and the first user account (UID 1000) and remains readable by local users. While this does not reveal these passwords directly, the hashes can be used for a brute-force attack against them.
Affected releases:
- 2007-01 Χάος
- 2007-02 Τάρταρος
- 2007-03 / 2007-03.1 Γάια
- 2007-04 / 2007-04.5 Έρως
- 2008-01 Νυξ
- 2008-02 Έρεβος
- 2008-03 Ουρέα
# find /root /home -maxdepth 2 -type f -name '.sidconf*' -delete
Especially on multi-user systems, it is recommended to change the passwords for root and the first user (UID 1000) as well. This can be done by running "passwd" as root or as the user.
The cause for this issue has been found and upcoming releases will not be affected.
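
An audit that can be run as root before the deletion command above, added here as an example and not part of the original advisory or the sidux installer. It lists each leftover '.sidconf*' file with its mode and owner, and flags files that are readable by other users and contain a hash. The function names are hypothetical, GNU find and stat are assumed, and the check for the "$1$" MD5-crypt prefix is an assumption about how the hashes are stored.

```shell
#!/bin/sh
# Added example (not sidux code): audit for leftover installer configuration
# copies before deleting them. Search roots default to those in the advisory.

# Print every leftover '.sidconf*' file under the given directories.
find_sidconf() {
    [ "$#" -gt 0 ] || set -- /root /home
    find "$@" -maxdepth 2 -type f -name '.sidconf*' -print 2>/dev/null
}

# Succeeds if the file is readable by group or others (GNU find -perm /MODE).
is_exposed() {
    [ -n "$(find "$1" -maxdepth 0 -perm /044 -print 2>/dev/null)" ]
}

# Succeeds if the file holds an MD5-crypt style string ("$1$salt$hash").
# Assumption: the hashes are stored in that form; the file layout is not
# described in the advisory.
has_md5_hash() {
    grep -q '\$1\$[^$]*\$' "$1" 2>/dev/null
}

# One line per leftover file:
#   <mode> <owner> <exposed|private> <hash|nohash> <path>
audit_sidconf() {
    find_sidconf "$@" | while IFS= read -r f; do
        if is_exposed "$f"; then e=exposed; else e=private; fi
        if has_md5_hash "$f"; then h=hash; else h=nohash; fi
        printf '%s %s %s %s\n' "$(stat -c '%a %U' "$f")" "$e" "$h" "$f"
    done
}

# Number of leftover files that are both readable by other users and
# contain a hash; the affected accounts should get new passwords.
count_at_risk() {
    audit_sidconf "$@" | grep -c ' exposed hash ' || true
}
```

Source the file and call `audit_sidconf` with no arguments to check /root and /home; a non-zero `count_at_risk` means the password change recommended above applies.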
