pam 1.1.1-2ubuntu5.2 source package in Ubuntu


pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.
 -- Marc Deslauriers <email address hidden>   Thu, 19 May 2011 08:44:14 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2011-05-24
Uploaded to:
Original maintainer:
Ubuntu Developers
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size MD5 Checksum
pam_1.1.1.orig.tar.gz 1.7 MiB b4838d787dd9b046a4d6992e18b6ffac
pam_1.1.1-2ubuntu5.2.diff.gz 239.0 KiB 7339405295e11e2485df59895a8965f8
pam_1.1.1-2ubuntu5.2.dsc 2.2 KiB 42bcb5d6760e9133f987074a0fb53d14

View changes file

Binary packages built by this source

libpam-cracklib: PAM module to enable cracklib support

 This package includes libpam_cracklib, a PAM module that tests
 passwords to make sure they are not too weak during password change.

libpam-doc: Documentation of PAM

 Contains documentation (in HTML, ASCII, and PostScript format) for
 libpam, the Pluggable Authentication Modules library, a suite of shared
 libraries that enable the local system administrator to choose how
 applications authenticate users.

libpam-modules: Pluggable Authentication Modules for PAM

 This package completes the set of modules for PAM. It includes the
  pam_unix_*.so module as well as some specialty modules.

libpam-runtime: Runtime support for the PAM library

 Contains configuration files and directories required for
 authentication to work on Debian systems. This package is required
 on almost all installations.

libpam0g: Pluggable Authentication Modules library

 Contains the C shared library for Linux-PAM, a suite of shared
 libraries that enable the local system administrator to choose how
 applications authenticate users. In other words, without rewriting
 or recompiling a PAM-aware application, it is possible to switch
 between the authentication mechanism(s) it uses. One may entirely
 upgrade the local authentication system without touching the
 applications themselves.

libpam0g-dev: Development files for PAM

 Contains C header files and development shared libraries for libpam, the
 pluggable authentication modules, a suite of shared libraries that enable
 the local system administrator to choose how applications authenticate
 PAM decouples applications from the authentication mechanism, making it
 possible to upgrade the authentication system without recompiling or
 rewriting the applications.