~ubuntu-branches/ubuntu/maverick/pam/maverick-updates

Viewing all changes in revision 71.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-10-18 10:05:50 UTC
  • Revision ID: james.westby@ubuntu.com-20111018100550-rca9jdu89qjdlly3
Tags: 1.1.1-4ubuntu2.4
* SECURITY UPDATE: possible code execution via incorrect environment file
  parsing (LP: #874469)
  - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
    whitespace when parsing environment file in modules/pam_env/pam_env.c.
  - CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
  expansion (LP: #874565)
  - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
    with PAM_BUF_ERR in modules/pam_env/pam_env.c.
  - CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
  - debian/patches-applied/update-motd: updated to use clean environment
    and absolute paths in modules/pam_motd/pam_motd.c.
  - CVE-2011-XXXX

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: