lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 04 May 2016 19:47:53 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3567-1] libpam-sshauth security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3567-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 04, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libpam-sshauth
CVE ID         : CVE-2016-4422

It was discovered that libpam-sshauth, a PAM module to authenticate
using an SSH server, does not correctly handle system users. In certain
configurations an attacker can take advantage of this flaw to gain root
privileges.

For the stable distribution (jessie), this problem has been fixed in
version 0.3.1-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.4.1-2.

For the unstable distribution (sid), this problem has been fixed in
version 0.4.1-2.

We recommend that you upgrade your libpam-sshauth packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXKk9uAAoJEAVMuPMTQ89EjEEP/Re5Zlc+WLHuPuS27dD+a/av
bwaiwd5d2hfS5mPZRhb/lSw6StsHfApjuG3CXi2ZUODLcWUNQPeNP6swcFmAN8Gy
hIPbLmC127A9+ht7IqtZwMMBM3vvnKzF1+bPIgr2oep2dfE6PE2imC6wzkwSXmIG
M3Hb2NCVGvJBgQTYZLkykC0BdGWGQ5dBAwcMZzVfBGvDcs1fhWhug/lx81HbNLQc
+b58v68HyoU+HVMClsAxcsqmvZVXTm2eK95Y6iKzJfjFvuU1XtgWFfdR0LBo+zXV
uYxFXVUXBKr8QMCZt6mk8UNNglj0Jm52NuRl3KiA3mo+SA0RVZNFmr3HSLFQa0XK
y6v9jNCT7DAVe2A02F7nVj9tcjnplZ61rvt9lfHPcLQsWhM53mOEm5yucfJk9vp2
uSujlP8WFwLVbR32zLSTEFHMFqnA20zDkYxdeinJKKeoEsn7XrTq3itNmnQoRDi9
fswrbiVHVpc2TgSw42ek3YUPype4Ri5DkUFR47mPFUXoqeA2mNngKqUkrhIi7FC1
VEBSNquQCX+Qn84QFqEMI958KSD6qDYcm5Exz6GXWIKlq8pAQfydO3hSWgjTcLBh
RlsVF+1dkWvcLR41eDJ7/zTIWZbJU0t//h16gLsX42dRBFDMYDawu5QoW2VGwtew
g9bjfhTxRzheV444GKXH
=PBTm
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ