* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2011 09:33:47 -0400
This bug was fixed in the package pam - 1.1.3-2ubuntu2.1
---------------
pam (1.1.3-2ubuntu2.1) oneiric-security; urgency=low
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2011 09:33:47 -0400