It was reported [1] that slim 1.3.6 corrected [2] a potential security related to a potential NULL pointer dereference when using crypt() from glibc 2.17+. If using this version of glibc with older versions of slim, the login daemon could crash when processing malformed or unsupported salts. Although Fedora 18 ships this version of slim, it does not use a version of glibc that exposes this issue (Fedora 18 ships with glibc 2.16). [1] http://www.openwall.com/lists/oss-security/2013/10/09/4 [2] http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071fb