pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low * SECURITY UPDATE: multiple issues with lack of adequate privilege dropping - debian/patches/security-dropprivs.patch: introduce new privilege dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*, libpam/include/security/pam_modutil.h, libpam/libpam.map, modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c, modules/pam_xauth/pam_xauth.c. - CVE-2010-3316 - CVE-2010-3430 - CVE-2010-3431 - CVE-2010-3435 - CVE-2010-4706 - CVE-2010-4707 * SECURITY UPDATE: privilege escalation via incorrect environment - debian/patches/CVE-2010-3853.patch: use clean environment in modules/pam_namespace/pam_namespace.c. - CVE-2010-3853 * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it isn't needed for Ubuntu, and it needs to be rewritten to work with the massive privilege refactoring in the security patches.
Date: Thu, 19 May 2011 08:44:14 -0400 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/lucid/+source/pam/1.1.1-2ubuntu5.2
Format: 1.8 Date: Thu, 19 May 2011 08:44:14 -0400 Source: pam Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc Architecture: source Version: 1.1.1-2ubuntu5.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: libpam-cracklib - PAM module to enable cracklib support libpam-doc - Documentation of PAM libpam-modules - Pluggable Authentication Modules for PAM libpam-runtime - Runtime support for the PAM library libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM Changes: pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low . * SECURITY UPDATE: multiple issues with lack of adequate privilege dropping - debian/patches/security-dropprivs.patch: introduce new privilege dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*, libpam/include/security/pam_modutil.h, libpam/libpam.map, modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c, modules/pam_xauth/pam_xauth.c. - CVE-2010-3316 - CVE-2010-3430 - CVE-2010-3431 - CVE-2010-3435 - CVE-2010-4706 - CVE-2010-4707 * SECURITY UPDATE: privilege escalation via incorrect environment - debian/patches/CVE-2010-3853.patch: use clean environment in modules/pam_namespace/pam_namespace.c. - CVE-2010-3853 * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it isn't needed for Ubuntu, and it needs to be rewritten to work with the massive privilege refactoring in the security patches. Checksums-Sha1: c36bdd761352a59520ed8d22426642444dfa5d6c 2241 pam_1.1.1-2ubuntu5.2.dsc f32fe52343d898de21f69d34af105d9554ee77ae 244703 pam_1.1.1-2ubuntu5.2.diff.gz Checksums-Sha256: 71d0cc0889c964c8e3ea27b48d8e0b2393ff1e1b2525ac253ffdbe50dcfed872 2241 pam_1.1.1-2ubuntu5.2.dsc e79f313d13a41820b8632e281270e4c9ce329affca8a5adfbb9f9465cfbbd0b9 244703 pam_1.1.1-2ubuntu5.2.diff.gz Files: 42bcb5d6760e9133f987074a0fb53d14 2241 libs optional pam_1.1.1-2ubuntu5.2.dsc 7339405295e11e2485df59895a8965f8 244703 libs optional pam_1.1.1-2ubuntu5.2.diff.gz Original-Maintainer: Steve Langasek <vor...@debian.org>
-- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes