severity 599832 important
thanks

On Mon, Oct 11, 2010 at 07:52:13PM +0200, Moritz Muehlenhoff wrote:
> Package: pam
> Severity: grave
> Tags: security

> Hi,
> four security issues have been reported against pam:

> Originally reported via a thread on oss-security:
> http://thread.gmane.org/gmane.comp.security.oss.general/3311/focus=3534

> More verbose information and links to patches can be found
> in the Red Hat bugzilla:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3316

"It is not believed to be exploitable on current kernels, at least not via
RLIMIT_NPROC [4]."

> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3430
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3431

"Older PAM versions do not contain affected privilege dropping code and hence
can not be affected by these issues.  They are affected by the original issue
- CVE-2010-3435."

> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3435

"This flaw can lead to information disclosure."

I fail to see why any of these issues would be considered grave.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
