[ubuntu/hardy-security] pam_0.99.7.1-5ubuntu6.3_sparc_translations.tar.gz (delayed), pam_0.99.7.1-5ubuntu6.3_i386_translations.tar.gz, pam_0.99.7.1-5ubuntu6.3_amd64_translations.tar.gz, pam_0.99.7.1-5ubuntu6.3_ia64_translations.tar.gz, pam_0.99.7.1-5ubuntu6.3_lpia_translations.tar.gz, pam_0.99.7.1-5ubuntu6.3_powerpc_translations.tar.gz, pam_0.99.7.1-5ubuntu6.3_hppa_translations.tar.gz, pam 0.99.7.1-5ubuntu6.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon May 30 14:14:23 UTC 2011


pam (0.99.7.1-5ubuntu6.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service or privilege escalation via
    non-ASCII usernames
    - debian/patches/CVE-2009-0887.patch: fix signedness error in
      Linux-PAM/libpam/pam_misc.c.
    - CVE-2009-0887
  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.
  * debian/control: added Pre-Depends to libpam-modules so it won't get
    updated without pulling in the updated libpam0g.

Date: Wed, 25 May 2011 10:16:14 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/pam/0.99.7.1-5ubuntu6.3
-------------- next part --------------
Format: 1.7
Date: Wed, 25 May 2011 10:16:14 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 0.99.7.1-5ubuntu6.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Changes: 
 pam (0.99.7.1-5ubuntu6.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service or privilege escalation via
     non-ASCII usernames
     - debian/patches/CVE-2009-0887.patch: fix signedness error in
       Linux-PAM/libpam/pam_misc.c.
     - CVE-2009-0887
   * SECURITY UPDATE: multiple issues with lack of adequate privilege
     dropping
     - debian/patches/security-dropprivs.patch: introduce new privilege
       dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
       libpam/include/security/pam_modutil.h, libpam/libpam.map,
       modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
       modules/pam_xauth/pam_xauth.c.
     - CVE-2010-3316
     - CVE-2010-3430
     - CVE-2010-3431
     - CVE-2010-3435
     - CVE-2010-4706
     - CVE-2010-4707
   * SECURITY UPDATE: privilege escalation via incorrect environment
     - debian/patches/CVE-2010-3853.patch: use clean environment in
       modules/pam_namespace/pam_namespace.c.
     - CVE-2010-3853
   * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
     isn't needed for Ubuntu, and it needs to be rewritten to work with the
     massive privilege refactoring in the security patches.
   * debian/control: added Pre-Depends to libpam-modules so it won't get
     updated without pulling in the updated libpam0g.
Files: 
 0eba5874a67bc0c500718790e616c123 1837 libs optional pam_0.99.7.1-5ubuntu6.3.dsc
 09de64a2252a663f7dabeae4ccf5a304 137059 libs optional pam_0.99.7.1-5ubuntu6.3.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

