Ubuntu
xen-api package

  1. Bug #1031375
  2. Comment #5

Comment 5 for bug 1031375

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen-api - 1.3.2-5ubuntu0.1

---------------
xen-api (1.3.2-5ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: PAM settings allowed any local user to issue remote API
    commands (LP: #1031375)
    - debian/patches/pam-auth-root-xapi-group: Xapi only authenticates the
      root user when making API calls over HTTP. Based on Debian patch.
 -- Mike McClurg <email address hidden> Thu, 26 Jul 2012 15:30:25 +0100