libpam-sshauth (0.3.1-1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2016-4422: local root privilege escalation. Return PAM_AUTH_ERR when a system user. This prevents the pam module from returning success without asking for authentication credentials. Thanks to Vagrant Cascadian <email address hidden> -- Salvatore Bonaccorso <email address hidden> Wed, 04 May 2016 10:55:45 +0200