~ubuntu-branches/ubuntu/maverick/pam/maverick-security

Viewing all changes in revision 69.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-05-19 08:42:33 UTC
  • mfrom: (68.1.1 maverick-proposed)
  • Revision ID: james.westby@ubuntu.com-20110519084233-cvfamhcv5449snnh
Tags: 1.1.1-4ubuntu2.2
* SECURITY UPDATE: multiple issues with lack of adequate privilege
  dropping
  - debian/patches/security-dropprivs.patch: introduce new privilege
    dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
    libpam/include/security/pam_modutil.h, libpam/libpam.map,
    modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
    modules/pam_xauth/pam_xauth.c.
  - CVE-2010-3316
  - CVE-2010-3430
  - CVE-2010-3431
  - CVE-2010-3435
  - CVE-2010-4706
  - CVE-2010-4707
* SECURITY UPDATE: privilege escalation via incorrect environment
  - debian/patches/CVE-2010-3853.patch: use clean environment in
    modules/pam_namespace/pam_namespace.c.
  - CVE-2010-3853
* debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
  isn't needed for Ubuntu, and it needs to be rewritten to work with the
  massive privilege refactoring in the security patches.

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: