[ubuntu/focal-proposed] libpam-radius-auth 1.4.0-2ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 19 13:00:13 UTC 2020


libpam-radius-auth (1.4.0-2ubuntu1) focal; urgency=medium

  * SECURITY UPDATE: DoS via stack overflow in password field
    - debian/patches/CVE-2015-9542-1.patch: use length, which has been
      limited in size in src/pam_radius_auth.c.
    - debian/patches/CVE-2015-9542-2.patch: clear out trailing part of the
      buffer in src/pam_radius_auth.c.
    - debian/patches/CVE-2015-9542-3.patch: copy password to buffer before
      rounding length in src/pam_radius_auth.c.
    - CVE-2015-9542

Date: Wed, 19 Feb 2020 07:45:34 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libpam-radius-auth/1.4.0-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Feb 2020 07:45:34 -0500
Source: libpam-radius-auth
Architecture: source
Version: 1.4.0-2ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libpam-radius-auth (1.4.0-2ubuntu1) focal; urgency=medium
 .
   * SECURITY UPDATE: DoS via stack overflow in password field
     - debian/patches/CVE-2015-9542-1.patch: use length, which has been
       limited in size in src/pam_radius_auth.c.
     - debian/patches/CVE-2015-9542-2.patch: clear out trailing part of the
       buffer in src/pam_radius_auth.c.
     - debian/patches/CVE-2015-9542-3.patch: copy password to buffer before
       rounding length in src/pam_radius_auth.c.
     - CVE-2015-9542
Original-Maintainer: Debian QA Group <packages at qa.debian.org>


