pam 1.1.1-2ubuntu5.2 source package in Ubuntu


pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.
 -- Marc Deslauriers <email address hidden>   Thu, 19 May 2011 08:44:14 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2011-05-24
Uploaded to:
Original maintainer:
Ubuntu Developers
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
pam_1.1.1.orig.tar.gz 1.7 MiB 9190184d918a8aea35f79df978dd1ebafc63aefcf66cb7be513a88f36e162d89
pam_1.1.1-2ubuntu5.2.diff.gz 239.0 KiB e79f313d13a41820b8632e281270e4c9ce329affca8a5adfbb9f9465cfbbd0b9
pam_1.1.1-2ubuntu5.2.dsc 2.2 KiB 71d0cc0889c964c8e3ea27b48d8e0b2393ff1e1b2525ac253ffdbe50dcfed872

View changes file

Binary packages built by this source

libpam-cracklib: PAM module to enable cracklib support

 This package includes libpam_cracklib, a PAM module that tests
 passwords to make sure they are not too weak during password change.

libpam-doc: Documentation of PAM

 Contains documentation (in HTML, ASCII, and PostScript format) for
 libpam, the Pluggable Authentication Modules library, a suite of shared
 libraries that enable the local system administrator to choose how
 applications authenticate users.

libpam-modules: Pluggable Authentication Modules for PAM

 This package completes the set of modules for PAM. It includes the
  pam_unix_*.so module as well as some specialty modules.

libpam-runtime: Runtime support for the PAM library

 Contains configuration files and directories required for
 authentication to work on Debian systems. This package is required
 on almost all installations.

libpam0g: Pluggable Authentication Modules library

 Contains the C shared library for Linux-PAM, a suite of shared
 libraries that enable the local system administrator to choose how
 applications authenticate users. In other words, without rewriting
 or recompiling a PAM-aware application, it is possible to switch
 between the authentication mechanism(s) it uses. One may entirely
 upgrade the local authentication system without touching the
 applications themselves.

libpam0g-dev: Development files for PAM

 Contains C header files and development shared libraries for libpam, the
 pluggable authentication modules, a suite of shared libraries that enable
 the local system administrator to choose how applications authenticate
 PAM decouples applications from the authentication mechanism, making it
 possible to upgrade the authentication system without recompiling or
 rewriting the applications.