[ubuntu/natty-security] pam_1.1.2-2ubuntu8.4_powerpc_translations.tar.gz, pam_1.1.2-2ubuntu8.4_armel_translations.tar.gz, pam_1.1.2-2ubuntu8.4_i386_translations.tar.gz, pam, pam_1.1.2-2ubuntu8.4_amd64_translations.tar.gz 1.1.2-2ubuntu8.4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Oct 24 19:03:51 UTC 2011
pam (1.1.2-2ubuntu8.4) natty-security; urgency=low
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
Date: Tue, 18 Oct 2011 10:03:44 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/pam/1.1.2-2ubuntu8.4
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Oct 2011 10:03:44 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.2-2ubuntu8.4
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 874469 874565
Changes:
pam (1.1.2-2ubuntu8.4) natty-security; urgency=low
.
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
Checksums-Sha1:
00710457d3217168dc610c020204bf3cce46c923 2267 pam_1.1.2-2ubuntu8.4.dsc
7cee6fa301d5857cfd4ae9f30869d9dbd8bfa07c 338910 pam_1.1.2-2ubuntu8.4.diff.gz
Checksums-Sha256:
088990c816e5f0f9aaf1256d4f3f19b39305f3325a8b96826f3929898477638e 2267 pam_1.1.2-2ubuntu8.4.dsc
c29847bf2e4cefb3707a10405b0bb166d8ec7eb262a5a2c9ff7b01471c9667ea 338910 pam_1.1.2-2ubuntu8.4.diff.gz
Files:
584a58bc7c9712c493002abb4d068cc7 2267 libs optional pam_1.1.2-2ubuntu8.4.dsc
f338715825e4319eaba3359f4f0e0668 338910 libs optional pam_1.1.2-2ubuntu8.4.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Natty-changes
mailing list