“pam” 0.99.7.1-5ubuntu6.3 source package in The Hardy Heron

Publishing history

0.99.7.1-5ubuntu6.3
DELETED: Hardy pocket Updates in component main and section libs
  • Removed from disk on 2011-05-31.
  • Removal requested on 2011-05-31.
  • Deleted on 2011-05-31 by Colin Watson

    broken security update (LP: #790538)

  • Published on 2011-05-30
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team

0.99.7.1-5ubuntu6.3
DELETED: Hardy pocket Security in component main and section libs
  • Removed from disk on 2011-05-31.
  • Removal requested on 2011-05-31.
  • Deleted on 2011-05-31 by Colin Watson

    broken security update (LP: #790538)

  • Published on 2011-05-30
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team

Changelog

pam (0.99.7.1-5ubuntu6.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service or privilege escalation via
    non-ASCII usernames
    - debian/patches/CVE-2009-0887.patch: fix signedness error in
      Linux-PAM/libpam/pam_misc.c.
    - CVE-2009-0887
  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.
  * debian/control: added Pre-Depends to libpam-modules so it won't get
    updated without pulling in the updated libpam0g.

 -- Marc Deslauriers <email address hidden>  Wed, 25 May 2011 10:16:14 -0400