Package: libpam-runtime
Version: 0.76-22
Priority: serious
Tags: security

It seems we are missing some of the upstream releases (0.77 was released in 
September 2002 and 0.78 was released in November 2004). Please package this 
new release:
ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/

The 0.78 release includes two important security bugs as well as some of 
the patches from Debian and other releases. The relevant security bugs are:

- Severe denial of service possible in pam_unix
- Pam_wheel with the trust module can be spoofed

Some other fixes in the PAM modules might be security-related, see below.

The full changelog entries are:

0.78: Do Nov 18 14:48:36 CET 2004

* pam_unix: change the order of trying password changes - local first,
  NIS second (t8m)
* pam_wheel: add option only_root to make it affect authentication
  to root account only
* pam_unix: test return values on renaming files and report error to
  syslog and to user
* pam_unix: forced password change shouldn't trump account expiration
* pam_unix: remove the use of openlog (from debian - toady)
* pam_unix: NIS cleanup (patch from Philippe Troin)
* pam_access: you can now authenticate an explicit user on an explicit
  tty (from debian - toady)
* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues
  (patch from Igor Khavkine)
* pam_env: added comments in the configuration file to avoid errors
  (from debian - toady)
* pam_mail: check PAM_NO_ENV to know if we can delete the environment
  variable (from debian - toady)
* pam_filter: s/termio/termios/g (from debian - toady)
* pam_mkhomedir: no maxpathlen required (from debian - toady)
* pam_limits: applied patch to allow explicit limits for root
  and remove limits on su. (from debian - toady)
* pam_unix: severe denial of service possible with this module since
  it locked too aggressively. Bug report and testing help from Sascha
  Loetz. (Bug 664290 - agmorgan)
* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of
  characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname'
  attacks could potentially spoof pam_wheel with the 'trust' module
  argument into granting access to a luser. Also, pam_unix gave
  odd error messages in such a situation (logname != uid). This
  problem was found by David Endler of iDefense.com (Bug 667584 -
  agmorgan).
* added my new DSA public key to the pgp.keys.asc file. Also included
  a signed copy of my new public key (1024D/D41A6DF2) made with my old
  key (1024/2A398175).
* added "include" directive to config file syntax.
  The whole idea is to create few "systemwide" pam configs and include
  parts of them in application pam configs.
  (patch by "Dmitry V. Levin" <[EMAIL PROTECTED]>) (Bug 812567 - baggins).
* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
  (Bug 591605 - kukuk)
* pam_unix: Call password checking helper whenever the password field
  contains only one character (Bug 1027903 - kukuk)
* libpam/pam_start.c: All service names should be files below /etc/pam.d
  and nothing else. Forbid paths. (Bug 1027912 - kukuk)
* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib
  module (Bug 1010142 - toady)
* pam_userdb: applied patch from Paul Walmsley <[EMAIL PROTECTED]>
  it now indicates whether encrypted or plaintext passwords are stored
  in the database needed for pam_userdb (BerliOS - toady)
* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to
  avoid spurious errors (from Linux distributors - kukuk)
* pam_cracklib: Clear the entire options structure (from Linux
  distributors - kukuk)
* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure
  that the destination is part of the allocated block, make do_prompt
  static (from Linux distributors - kukuk)
* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT
  environment, else let ldconfig only create the symlinks correct
  (from Linux distributors - kukuk)
* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD
  (from Linux distributors - kukuk)
* Add most of Steve Grubb's resource leak and other fixes (from
  Linux distributors - kukuk)
* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk)
* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and
  <Return> (Bug 1032604 - kukuk)
* Make.Rules.in: Add targets for installing man pages for modules
  (from Linux distributors - kukuk)
* Add pam_xauth module (Bug 436440 - kukuk)
* Add pam_localuser module (Bug 436444 - kukuk)
* Add pam_succeed_if module (from Linux distributors - kukuk)
* configure.in: Fix check for libcrypt (Bug 417704 - kukuk)
* Add the "broken_shadow" argument to pam_unix, for ignoring errors
  reading shadow information (from Linux distributors - kukuk)
* Add patches to make PAM modules reentrant (Bug 440107 - kukuk)
* Merge patches from Red Hat (Bug 477000 and other - kukuk)
* Fix pam_rhosts option parsing (Bug 922648 - kukuk)
* Add $ISA support in config files (from Red Hat - kukuk)

0.77: Mon Sep 23 10:25:42 PDT 2002

* documentation support for pdf files was not quite right -
  installation was messed up.
* pam_wheel was too aggressive to grant access (in the case of the
  'deny' option you want to pay attention to 'trust'). Fix from
  Nalin (Bugs 476951, 476953 - agmorgan)
* account management support for: pam_shells, pam_listfile, pam_wheel
  and pam_securetty (+ static module fix for pam_nologin). Patch from
  redhat through Harald Welte (Bug 436435 - agmorgan).
* pam_wheel feature from Nalin - can use the module to provide wheel
  access to non-root accounts. Also from Nalin, a bugfix related to
  the primary group of the applicant is the 'wheel' group. (Bugs
  476980, 476941 - agmorgan)
* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while
  running the helper binary (patch from Nalin) added the "noreap"
  module argument to both of these modules to turn off this new
  default. Bugfix found by Silvan Minghetti for former module and
  521314 checkin. (Bugs 476963, 521314 - agmorgan).
* updated CHANGELOG and configure.in for 0.77 work.


Regards

Javier

Attachment: signature.asc
Description: Digital signature
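The getlogin() entry in the 0.78 changelog above (the hard-linked tty trick, and pam_unix's "logname != uid" oddity) is about a login name taken from the terminal session being trusted on its own. As an added example that is not part of this bug report or of Linux-PAM's own code, the C below cross-checks such a name against the real uid of the calling process and refuses a mismatch, and also shows the alternative of deriving the applicant name from the real uid in the first place. The function and enum names are hypothetical; the code assumes a standard passwd database reachable through getpwnam_r()/getpwuid_r().

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Result of cross-checking a session-derived login name against the real uid. */
enum login_check {
    LOGIN_CHECK_NO_NAME,       /* no login name available (no controlling tty, ...) */
    LOGIN_CHECK_UNKNOWN_USER,  /* name is not in the password database */
    LOGIN_CHECK_MATCH,         /* name resolves to the real uid: safe to use */
    LOGIN_CHECK_MISMATCH       /* name resolves to another uid: refuse to trust it */
};

/* Hypothetical helper: does login_name (e.g. from getlogin()) belong to real_uid?
 * A manipulated terminal can change what getlogin() reports, but not the real
 * uid the kernel attaches to the process, so the uid is the authority here. */
enum login_check check_login_against_uid(const char *login_name, uid_t real_uid)
{
    struct passwd pwbuf, *pw = NULL;
    char buf[4096];

    if (login_name == NULL || login_name[0] == '\0')
        return LOGIN_CHECK_NO_NAME;
    if (getpwnam_r(login_name, &pwbuf, buf, sizeof buf, &pw) != 0 || pw == NULL)
        return LOGIN_CHECK_UNKNOWN_USER;
    return pw->pw_uid == real_uid ? LOGIN_CHECK_MATCH : LOGIN_CHECK_MISMATCH;
}

/* Hypothetical helper: derive the applicant name from the real uid instead of
 * from the terminal. Returns 0 and fills out on success, -1 otherwise. */
int applicant_name_from_uid(uid_t real_uid, char *out, size_t outlen)
{
    struct passwd pwbuf, *pw = NULL;
    char buf[4096];
    size_t n;

    if (getpwuid_r(real_uid, &pwbuf, buf, sizeof buf, &pw) != 0 || pw == NULL)
        return -1;
    n = strlen(pw->pw_name);
    if (n + 1 > outlen)
        return -1;
    memcpy(out, pw->pw_name, n + 1);
    return 0;
}

/* Apply the cross-check to the calling process: getlogin_r() gives the session
 * name (which may be absent), getuid() gives the real uid. */
enum login_check check_current_process(void)
{
    char name[256];

    if (getlogin_r(name, sizeof name) != 0)
        return LOGIN_CHECK_NO_NAME;
    return check_login_against_uid(name, getuid());
}

int main(void)
{
    static const char *const labels[] = {
        "no login name available", "login name unknown",
        "login name matches real uid", "login name does NOT match real uid"
    };
    char who[256];

    if (applicant_name_from_uid(getuid(), who, sizeof who) == 0)
        printf("real uid %u resolves to %s\n", (unsigned)getuid(), who);
    printf("session check: %s\n", labels[check_current_process()]);
    return 0;
}
```

The defensive point is the direction of trust: the name is checked against the uid, never the other way round, and a missing or mismatching name is treated as "no identity" rather than as the named user. Outside this page, Linux-PAM's pam_wheel documents a `use_uid` option that takes the second approach (checking against the real uid instead of the terminal's login session).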