Ubuntu

“pam” 1.1.3-2ubuntu2.1 source package in The Oneiric Ocelot

Publishing history

1.1.3-2ubuntu2.1
PUBLISHED: Oneiric pocket Updates in component main and section libs
  • Published on 2011-10-24
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team by Marc Deslauriers
1.1.3-2ubuntu2.1
PUBLISHED: Oneiric pocket Security in component main and section libs
  • Published on 2011-10-24
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team by Marc Deslauriers

Builds

Changelog

pam (1.1.3-2ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: possible code execution via incorrect environment file
    parsing (LP: #874469)
    - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
      whitespace when parsing environment file in modules/pam_env/pam_env.c.
    - CVE-2011-3148
  * SECURITY UPDATE: denial of service via overflowed environment variable
    expansion (LP: #874565)
    - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
      with PAM_BUF_ERR in modules/pam_env/pam_env.c.
    - CVE-2011-3149
  * SECURITY UPDATE: code execution via incorrect environment cleaning
    - debian/patches-applied/update-motd: updated to use clean environment
      and absolute paths in modules/pam_motd/pam_motd.c.
    - CVE-2011-XXXX
 -- Marc Deslauriers <email address hidden>   Tue, 18 Oct 2011 09:33:47 -0400