UbuntuUpdates.org

Package "pam"

Name: pam

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • PAM module to enable cracklib support
  • Documentation of PAM
  • Pluggable Authentication Modules for PAM
  • Pluggable Authentication Modules for PAM - helper binaries
Latest version: 1.1.8-1ubuntu2.2
Release: trusty (14.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "pam" in Trusty

Repository Area Version
base main 1.1.8-1ubuntu2
security main 1.1.8-1ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.1.8-1ubuntu2.2 2016-03-16 21:06:54 UTC

  pam (1.1.8-1ubuntu2.2) trusty-security; urgency=medium

  * SECURITY REGRESSION: multiarch update issue (LP: #1558114)
    - debian/patches-applied/cve-2015-3238.patch: removed manpage changes
      so they don't get regenerated during build.
    - CVE-2015-3238

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 13:30:15 -0400
Source diff to previous version
1558114 package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is differe
CVE-2015-3238 The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc

Version: 1.1.8-1ubuntu2.1 2016-03-16 16:06:46 UTC

  pam (1.1.8-1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: pam_userdb case-insensitive search issue
    - debian/patches-applied/cve-2013-7041.patch: fix password hash
      comparison in modules/pam_userdb/pam_userdb.c.
    - CVE-2013-7041
  * SECURITY UPDATE: directory traversal issue in pam_timestamp
    - debian/patches-applied/cve-2014-2583.patch: fix potential directory
      traversal issue in modules/pam_timestamp/pam_timestamp.c.
    - CVE-2014-2583
  * SECURITY UPDATE: username enumeration via large passwords
    - debian/patches-applied/cve-2015-3238.patch: limit password size to
      prevent a helper function hang in modules/pam_exec/pam_exec.8.xml,
      modules/pam_exec/pam_exec.c, modules/pam_unix/pam_unix.8.xml,
      modules/pam_unix/pam_unix_passwd.c, modules/pam_unix/passverify.c,
      modules/pam_unix/passverify.h, modules/pam_unix/support.c.
    - CVE-2015-3238

 -- Marc Deslauriers <email address hidden> Tue, 15 Mar 2016 14:58:49 -0400
CVE-2013-7041 The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password v
CVE-2014-2583 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create
CVE-2015-3238 The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc


About   -   Send Feedback to @ubuntu_updates