[ubuntu/natty-security] pam_1.1.2-2ubuntu8.4_powerpc_translations.tar.gz, pam_1.1.2-2ubuntu8.4_armel_translations.tar.gz, pam_1.1.2-2ubuntu8.4_i386_translations.tar.gz, pam, pam_1.1.2-2ubuntu8.4_amd64_translations.tar.gz 1.1.2-2ubuntu8.4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Oct 24 19:03:51 UTC 2011


pam (1.1.2-2ubuntu8.4) natty-security; urgency=low

  * SECURITY UPDATE: possible code execution via incorrect environment file
    parsing (LP: #874469)
    - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
      whitespace when parsing environment file in modules/pam_env/pam_env.c.
    - CVE-2011-3148
  * SECURITY UPDATE: denial of service via overflowed environment variable
    expansion (LP: #874565)
    - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
      with PAM_BUF_ERR in modules/pam_env/pam_env.c.
    - CVE-2011-3149
  * SECURITY UPDATE: code execution via incorrect environment cleaning
    - debian/patches-applied/update-motd: updated to use clean environment
      and absolute paths in modules/pam_motd/pam_motd.c.
    - CVE-2011-XXXX

Date: Tue, 18 Oct 2011 10:03:44 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/pam/1.1.2-2ubuntu8.4
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Oct 2011 10:03:44 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.2-2ubuntu8.4
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 874469 874565
Changes: 
 pam (1.1.2-2ubuntu8.4) natty-security; urgency=low
 .
   * SECURITY UPDATE: possible code execution via incorrect environment file
     parsing (LP: #874469)
     - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
       whitespace when parsing environment file in modules/pam_env/pam_env.c.
     - CVE-2011-3148
   * SECURITY UPDATE: denial of service via overflowed environment variable
     expansion (LP: #874565)
     - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
       with PAM_BUF_ERR in modules/pam_env/pam_env.c.
     - CVE-2011-3149
   * SECURITY UPDATE: code execution via incorrect environment cleaning
     - debian/patches-applied/update-motd: updated to use clean environment
       and absolute paths in modules/pam_motd/pam_motd.c.
     - CVE-2011-XXXX
Checksums-Sha1: 
 00710457d3217168dc610c020204bf3cce46c923 2267 pam_1.1.2-2ubuntu8.4.dsc
 7cee6fa301d5857cfd4ae9f30869d9dbd8bfa07c 338910 pam_1.1.2-2ubuntu8.4.diff.gz
Checksums-Sha256: 
 088990c816e5f0f9aaf1256d4f3f19b39305f3325a8b96826f3929898477638e 2267 pam_1.1.2-2ubuntu8.4.dsc
 c29847bf2e4cefb3707a10405b0bb166d8ec7eb262a5a2c9ff7b01471c9667ea 338910 pam_1.1.2-2ubuntu8.4.diff.gz
Files: 
 584a58bc7c9712c493002abb4d068cc7 2267 libs optional pam_1.1.2-2ubuntu8.4.dsc
 f338715825e4319eaba3359f4f0e0668 338910 libs optional pam_1.1.2-2ubuntu8.4.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>


More information about the Natty-changes mailing list