Launchpad.net

CVE 2015-3238

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Related bugs and status

CVE-2015-3238 (Candidate) is related to these bugs:

Bug #1558114: package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is different from other instances of package libpam-modules:i386

		In	Importance	Status
1558114	package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is different from other instances of package libpam-modules:i386	pam (Ubuntu)	Critical	Fix Released
1558114	package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is different from other instances of package libpam-modules:i386	pam (Ubuntu Wily)	Critical	Fix Released
1558114	package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is different from other instances of package libpam-modules:i386	pam (Ubuntu Trusty)	Critical	Fix Released
1558114	package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is different from other instances of package libpam-modules:i386	pam (Ubuntu Precise)	Critical	Fix Released
1558114	package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is different from other instances of package libpam-modules:i386	pam (Ubuntu Xenial)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-3238

Related bugs and status

Related bugs

References