UbuntuUpdates.org

Package "libpam-cracklib"

Name: libpam-cracklib

Description:

PAM module to enable cracklib support

Latest version: 1.4.0-11ubuntu2.4
Release: jammy (22.04)
Level: updates
Repository: main
Head package: pam
Homepage: http://www.linux-pam.org/

Links


Download "libpam-cracklib"


Other versions of "libpam-cracklib" in Jammy

Repository Area Version
base main 1.4.0-11ubuntu2
security main 1.4.0-11ubuntu2.4

Changelog

Version: 1.4.0-11ubuntu2.4 2024-01-17 20:06:58 UTC

  pam (1.4.0-11ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: pam_namespace local denial of service
    - debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
      prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
    - CVE-2024-22365

 -- Marc Deslauriers <email address hidden> Wed, 10 Jan 2024 08:54:07 -0500

Source diff to previous version

Version: 1.4.0-11ubuntu2.3 2023-02-06 07:08:47 UTC

  pam (1.4.0-11ubuntu2.3) jammy-security; urgency=medium

  * SECURITY REGRESSION: fix CVE-2022-28321 patch location
    - debian/patches-applied/CVE-2022-28321.patch: pam_access: handle
      hostnames in access.conf
    - CVE-2022-28321

 -- Nishit Majithia <email address hidden> Thu, 02 Feb 2023 14:51:46 +0530

Source diff to previous version
CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctl

Version: 1.4.0-11ubuntu2.1 2023-01-25 12:06:56 UTC

  pam (1.4.0-11ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
      access.conf
    - CVE-2022-28321

 -- Nishit Majithia <email address hidden> Tue, 24 Jan 2023 17:07:01 +0530

CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctl



About   -   Send Feedback to @ubuntu_updates