Source: pam Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for pam.
CVE-2009-0887[0]: | Integer signedness error in the _pam_StrTok function in | libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a | configuration file contains non-ASCII usernames, might allow remote | attackers to cause a denial of service, and might allow remote | authenticated users to obtain login access with a different user's | non-ASCII username, via a login attempt. Upstream patch: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887 http://security-tracker.debian.net/tracker/CVE-2009-0887 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpCmXjzKPOug.pgp
Description: PGP signature
