Package "libpam-cracklib"
Name: |
libpam-cracklib
|
Description: |
PAM module to enable cracklib support
|
Latest version: |
1.1.8-1ubuntu2.2 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Head package: |
pam |
Homepage: |
http://pam.sourceforge.net/ |
Links
Download "libpam-cracklib"
Other versions of "libpam-cracklib" in Trusty
Changelog
pam (1.1.8-1ubuntu2.2) trusty-security; urgency=medium
* SECURITY REGRESSION: multiarch update issue (LP: #1558114)
- debian/patches-applied/cve-2015-3238.patch: removed manpage changes
so they don't get regenerated during build.
- CVE-2015-3238
-- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 13:30:15 -0400
|
Source diff to previous version |
1558114 |
package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is differe |
CVE-2015-3238 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc |
|
pam (1.1.8-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: pam_userdb case-insensitive search issue
- debian/patches-applied/cve-2013-7041.patch: fix password hash
comparison in modules/pam_userdb/pam_userdb.c.
- CVE-2013-7041
* SECURITY UPDATE: directory traversal issue in pam_timestamp
- debian/patches-applied/cve-2014-2583.patch: fix potential directory
traversal issue in modules/pam_timestamp/pam_timestamp.c.
- CVE-2014-2583
* SECURITY UPDATE: username enumeration via large passwords
- debian/patches-applied/cve-2015-3238.patch: limit password size to
prevent a helper function hang in modules/pam_exec/pam_exec.8.xml,
modules/pam_exec/pam_exec.c, modules/pam_unix/pam_unix.8.xml,
modules/pam_unix/pam_unix_passwd.c, modules/pam_unix/passverify.c,
modules/pam_unix/passverify.h, modules/pam_unix/support.c.
- CVE-2015-3238
-- Marc Deslauriers <email address hidden> Tue, 15 Mar 2016 14:58:49 -0400
|
CVE-2013-7041 |
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password v |
CVE-2014-2583 |
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create |
CVE-2015-3238 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc |
|
About
-
Send Feedback to @ubuntu_updates