[ubuntu/hardy-security] pam_0.99.7.1-5ubuntu6.5_sparc_translations.tar.gz, pam_0.99.7.1-5ubuntu6.5_ia64_translations.tar.gz, pam_0.99.7.1-5ubuntu6.5_i386_translations.tar.gz, pam_0.99.7.1-5ubuntu6.5_amd64_translations.tar.gz, pam_0.99.7.1-5ubuntu6.5_powerpc_translations.tar.gz, pam_0.99.7.1-5ubuntu6.5_lpia_translations.tar.gz, pam_0.99.7.1-5ubuntu6.5_hppa_translations.tar.gz, pam 0.99.7.1-5ubuntu6.5 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Oct 24 19:05:03 UTC 2011
pam (0.99.7.1-5ubuntu6.5) hardy-security; urgency=low
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in
Linux-PAM/modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in Linux-PAM/modules/pam_env/pam_env.c.
- CVE-2011-3149
Date: Tue, 18 Oct 2011 10:31:55 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/pam/0.99.7.1-5ubuntu6.5
-------------- next part --------------
Format: 1.7
Date: Tue, 18 Oct 2011 10:31:55 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 0.99.7.1-5ubuntu6.5
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 874469 874565
Changes:
pam (0.99.7.1-5ubuntu6.5) hardy-security; urgency=low
.
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in
Linux-PAM/modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in Linux-PAM/modules/pam_env/pam_env.c.
- CVE-2011-3149
Files:
74745636089ce3dbe8e7f6b3d3a50fdf 1837 libs optional pam_0.99.7.1-5ubuntu6.5.dsc
5cba47c5fef1b30d0db61ba10cbcb45d 167952 libs optional pam_0.99.7.1-5ubuntu6.5.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Hardy-changes
mailing list