Module Name: src
Committed By: bouyer
Date: Sat Nov 19 14:00:14 UTC 2011
Modified Files:
src/doc [netbsd-5-1]: CHANGES-5.1.1
Log Message:
ticket 1696
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.40 -r1.1.2.41 src/doc/CHANGES-5.1.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.1.1
diff -u src/doc/CHANGES-5.1.1:1.1.2.40 src/doc/CHANGES-5.1.1:1.1.2.41
--- src/doc/CHANGES-5.1.1:1.1.2.40 Fri Nov 18 23:09:48 2011
+++ src/doc/CHANGES-5.1.1 Sat Nov 19 14:00:14 2011
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.1.1,v 1.1.2.40 2011/11/18 23:09:48 sborrill Exp $
+# $NetBSD: CHANGES-5.1.1,v 1.1.2.41 2011/11/19 14:00:14 bouyer Exp $
A complete list of changes from the NetBSD 5.1 release to the NetBSD 5.1.1
release:
@@ -2559,3 +2559,15 @@ dist/bind/lib/dns/rbtdb.c patch
records, leading to an assertion failure. Fixes CVE-2011-4313.
[christos, ticket #1692]
+dist/openpam/lib/openpam_configure.c 1.6
+
+ Don't allow '/' characters in the "service" argument to pam_start()
+ The "service" is blindly appended to config directories ("/etc/pam.d/"),
+ and if a user can control the "service" it can get PAM to read config
+ files from any location.
+ This is not a problem with most software because the "service" is
+ usually a constant string. The check protects 3rd party software
+ from being abused.
+ (CVE-2011-4122)
+ [drochner, ticket #1696]
+
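Review bot: the first line of the new entry, "Don't allow '/' characters in the "service" argument to pam_start()", has no terminal punctuation, and "3rd party software" would read more consistently as "third-party software"; the entry also says only that the characters are disallowed, so a short clause on how the rejection surfaces to the caller of pam_start() would make the behavioural change clearer to anyone reading CHANGES-5.1.1 without the openpam_configure.c 1.6 diff. The rest of the entry is in order: it names the affected file and revision, explains why appending an attacker-controlled "service" to the "/etc/pam.d/" directory is the problem, and records CVE-2011-4122 and ticket #1696.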