Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3567-1] libpam-sshauth security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3567-1] libpam-sshauth security update


Chronologisch Thread 
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3567-1] libpam-sshauth security update
  • Date: Wed, 04 May 2016 19:47:53 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 4 May 2016 19:48:11 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <O0ZTpLt5K5G.A.vKE.7HlKXB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3567-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 04, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libpam-sshauth
CVE ID : CVE-2016-4422

It was discovered that libpam-sshauth, a PAM module to authenticate
using an SSH server, does not correctly handle system users. In certain
configurations an attacker can take advantage of this flaw to gain root
privileges.

For the stable distribution (jessie), this problem has been fixed in
version 0.3.1-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.4.1-2.

For the unstable distribution (sid), this problem has been fixed in
version 0.4.1-2.

We recommend that you upgrade your libpam-sshauth packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXKk9uAAoJEAVMuPMTQ89EjEEP/Re5Zlc+WLHuPuS27dD+a/av
bwaiwd5d2hfS5mPZRhb/lSw6StsHfApjuG3CXi2ZUODLcWUNQPeNP6swcFmAN8Gy
hIPbLmC127A9+ht7IqtZwMMBM3vvnKzF1+bPIgr2oep2dfE6PE2imC6wzkwSXmIG
M3Hb2NCVGvJBgQTYZLkykC0BdGWGQ5dBAwcMZzVfBGvDcs1fhWhug/lx81HbNLQc
+b58v68HyoU+HVMClsAxcsqmvZVXTm2eK95Y6iKzJfjFvuU1XtgWFfdR0LBo+zXV
uYxFXVUXBKr8QMCZt6mk8UNNglj0Jm52NuRl3KiA3mo+SA0RVZNFmr3HSLFQa0XK
y6v9jNCT7DAVe2A02F7nVj9tcjnplZ61rvt9lfHPcLQsWhM53mOEm5yucfJk9vp2
uSujlP8WFwLVbR32zLSTEFHMFqnA20zDkYxdeinJKKeoEsn7XrTq3itNmnQoRDi9
fswrbiVHVpc2TgSw42ek3YUPype4Ri5DkUFR47mPFUXoqeA2mNngKqUkrhIi7FC1
VEBSNquQCX+Qn84QFqEMI958KSD6qDYcm5Exz6GXWIKlq8pAQfydO3hSWgjTcLBh
RlsVF+1dkWvcLR41eDJ7/zTIWZbJU0t//h16gLsX42dRBFDMYDawu5QoW2VGwtew
g9bjfhTxRzheV444GKXH
=PBTm
-----END PGP SIGNATURE-----




  • [IT-SecNots] [SECURITY] [DSA 3567-1] libpam-sshauth security update, Salvatore Bonaccorso, 04.05.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang