UbuntuUpdates.org

Package "pam"

Name: pam

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • PAM module to enable cracklib support
  • Documentation of PAM
  • Pluggable Authentication Modules for PAM
  • Pluggable Authentication Modules for PAM - helper binaries
Latest version: 1.1.3-7ubuntu2.3
Release: precise (12.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "pam" in Precise

Repository Area Version
base main 1.1.3-7ubuntu2
security main 1.1.3-7ubuntu2.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.1.3-7ubuntu2.3 2016-03-17 22:06:40 UTC

  pam (1.1.3-7ubuntu2.3) precise-security; urgency=medium

  * SECURITY REGRESSION: multiarch update issue (LP: #1558597)
    - debian/patches-applied/cve-2015-3238.patch: Readd the manpage XML
      changes and also add the regenerated man pages to the patch. It is
      required to add the regenerated man pages to the patch because the build
      dependencies to regenerate the man pages are only installed during i386
      builds.
    - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Add
      the changes after regenerating pam_umask.8 to the patch for the reasons
      mentioned above.

 -- Tyler Hicks <email address hidden> Thu, 17 Mar 2016 13:14:44 -0500
Source diff to previous version
1558597 package libpam-modules 1.1.3-7ubuntu2.2 failed to install/upgrade: './usr/share/man/man8/pam_umask.8.gz' is different from the same file on the syste

Version: 1.1.3-7ubuntu2.2 2016-03-16 21:06:52 UTC

  pam (1.1.3-7ubuntu2.2) precise-security; urgency=medium

  * SECURITY REGRESSION: multiarch update issue (LP: #1558114)
    - debian/patches-applied/cve-2015-3238.patch: removed manpage changes
      so they don't get regenerated during build.
    - CVE-2015-3238

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 13:32:15 -0400
Source diff to previous version
1558114 package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is differe
CVE-2015-3238 The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc

Version: 1.1.3-7ubuntu2.1 2016-03-16 16:06:44 UTC

  pam (1.1.3-7ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: pam_userdb case-insensitive search issue
    - debian/patches-applied/cve-2013-7041.patch: fix password hash
      comparison in modules/pam_userdb/pam_userdb.c.
    - CVE-2013-7041
  * SECURITY UPDATE: directory traversal issue in pam_timestamp
    - debian/patches-applied/cve-2014-2583.patch: fix potential directory
      traversal issue in modules/pam_timestamp/pam_timestamp.c.
    - CVE-2014-2583
  * SECURITY UPDATE: username enumeration via large passwords
    - debian/patches-applied/cve-2015-3238.patch: limit password size to
      prevent a helper function hang in modules/pam_exec/pam_exec.8.xml,
      modules/pam_exec/pam_exec.c, modules/pam_unix/pam_unix.8.xml,
      modules/pam_unix/pam_unix_passwd.c, modules/pam_unix/passverify.c,
      modules/pam_unix/passverify.h, modules/pam_unix/support.c.
    - CVE-2015-3238

 -- Marc Deslauriers <email address hidden> Tue, 15 Mar 2016 15:31:29 -0400
CVE-2013-7041 The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password v
CVE-2014-2583 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create
CVE-2015-3238 The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc


About   -   Send Feedback to @ubuntu_updates