To: [email protected]Subject: [ MDVSA-2009:077 ] pam
Date: Sat, 21 Mar 2009 20:25:01 +0100
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Ll6oX-0004wq-KD@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:077
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pam
Date : March 21, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A security vulnerability has been identified and fixed in pam:
Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt (CVE-2009-0887).
The updated packages have been patched to prevent this.
Additionally some development packages were missing that are required
to build pam for CS4, these are also provided with this update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
210e7f58292fc3c903b22538c2be7295 2008.0/i586/libpam0-0.99.8.1-6.1mdv2008.0.i586.rpm
599ae39aa412bbd293b12c54c5c8105b 2008.0/i586/libpam-devel-0.99.8.1-6.1mdv2008.0.i586.rpm
141f673610f93f1b9f26b8cb94ea38dc 2008.0/i586/pam-0.99.8.1-6.1mdv2008.0.i586.rpm
5aea57085d3baba905a05c5d1f29d29e 2008.0/i586/pam-doc-0.99.8.1-6.1mdv2008.0.i586.rpm
1d9551b97e8e4eb5af65ef8c251b5f4c 2008.0/SRPMS/pam-0.99.8.1-6.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
bc55a9ea37c3541fdf656238b46aa8c5 2008.0/x86_64/lib64pam0-0.99.8.1-6.1mdv2008.0.x86_64.rpm
883efd2432eaddbc6a0421ea847c54d6 2008.0/x86_64/lib64pam-devel-0.99.8.1-6.1mdv2008.0.x86_64.rpm
c0947a0c7442b415a4b39423c98a1e6f 2008.0/x86_64/pam-0.99.8.1-6.1mdv2008.0.x86_64.rpm
7c3ec5bfc9c9ca51959345d62158013c 2008.0/x86_64/pam-doc-0.99.8.1-6.1mdv2008.0.x86_64.rpm
1d9551b97e8e4eb5af65ef8c251b5f4c 2008.0/SRPMS/pam-0.99.8.1-6.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
2c9d674a712fc6b662ce99c9ab498075 2008.1/i586/libpam0-0.99.8.1-8.1mdv2008.1.i586.rpm
104fc3313ba8ed211850c62effe26a2b 2008.1/i586/libpam-devel-0.99.8.1-8.1mdv2008.1.i586.rpm
82037a9570821f47da2f95a214c18f1a 2008.1/i586/pam-0.99.8.1-8.1mdv2008.1.i586.rpm
c96cf5d1f2311bcea54601a15e64eed2 2008.1/i586/pam-doc-0.99.8.1-8.1mdv2008.1.i586.rpm
d27ad78a0e3691c454f11548e5135504 2008.1/SRPMS/pam-0.99.8.1-8.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
b9cf6e7e251ad97d161bea4b88fa58b5 2008.1/x86_64/lib64pam0-0.99.8.1-8.1mdv2008.1.x86_64.rpm
9e0818c288d1cf464e410d127bb69626 2008.1/x86_64/lib64pam-devel-0.99.8.1-8.1mdv2008.1.x86_64.rpm
b371e10cdd5a1e2c2a142838eccc7f34 2008.1/x86_64/pam-0.99.8.1-8.1mdv2008.1.x86_64.rpm
fcdffc3dfd820cdad31dbe7696126e45 2008.1/x86_64/pam-doc-0.99.8.1-8.1mdv2008.1.x86_64.rpm
d27ad78a0e3691c454f11548e5135504 2008.1/SRPMS/pam-0.99.8.1-8.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
354f27c6c6fe417f0d408be7f983f9c5 2009.0/i586/libpam0-0.99.8.1-16.1mdv2009.0.i586.rpm
18c14b61195c204d707847114d043ad6 2009.0/i586/libpam-devel-0.99.8.1-16.1mdv2009.0.i586.rpm
9fa26fe7256872ac151e1007a3d0921c 2009.0/i586/pam-0.99.8.1-16.1mdv2009.0.i586.rpm
601c69d37b980098cdb3e626401b758c 2009.0/i586/pam-doc-0.99.8.1-16.1mdv2009.0.i586.rpm
69fcb3b23d5c26616ab9741276b9f2a0 2009.0/SRPMS/pam-0.99.8.1-16.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
936142c771482dc517230e105a9fc897 2009.0/x86_64/lib64pam0-0.99.8.1-16.1mdv2009.0.x86_64.rpm
af6bf7ba3b78ba4d1e53f819c02896cf 2009.0/x86_64/lib64pam-devel-0.99.8.1-16.1mdv2009.0.x86_64.rpm
919e004be5df3d39de7126b4f71d524b 2009.0/x86_64/pam-0.99.8.1-16.1mdv2009.0.x86_64.rpm
24f90b1d7c77b2451cbff0c094dfaba1 2009.0/x86_64/pam-doc-0.99.8.1-16.1mdv2009.0.x86_64.rpm
69fcb3b23d5c26616ab9741276b9f2a0 2009.0/SRPMS/pam-0.99.8.1-16.1mdv2009.0.src.rpm
Corporate 3.0:
bbccb95ef2d489cad5008aff0d477ad6 corporate/3.0/i586/libpam0-0.77-12.2.C30mdk.i586.rpm
a0e07a330f09ec25341075217f38fef7 corporate/3.0/i586/libpam0-devel-0.77-12.2.C30mdk.i586.rpm
2e3005d760e72a6222c7aa0ff3da4708 corporate/3.0/i586/pam-0.77-12.2.C30mdk.i586.rpm
b7e31f39ccadadbb2f5444a00fff6497 corporate/3.0/i586/pam-doc-0.77-12.2.C30mdk.i586.rpm
293b1a6e0c32005069e5390bd6b0b3b8 corporate/3.0/SRPMS/pam-0.77-12.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
7bbb844351309190676f4fbe9ce62e70 corporate/3.0/x86_64/lib64pam0-0.77-12.2.C30mdk.x86_64.rpm
25c16ee4d718a9e260c153c6983f5d2b corporate/3.0/x86_64/lib64pam0-devel-0.77-12.2.C30mdk.x86_64.rpm
249311fb9fd0c43506a11f1cce32c979 corporate/3.0/x86_64/pam-0.77-12.2.C30mdk.x86_64.rpm
309ae91641c19729263eab22709cf52e corporate/3.0/x86_64/pam-doc-0.77-12.2.C30mdk.x86_64.rpm
293b1a6e0c32005069e5390bd6b0b3b8 corporate/3.0/SRPMS/pam-0.77-12.2.C30mdk.src.rpm
Corporate 4.0:
020800834f4ce964fae630a85cf627c5 corporate/4.0/i586/cracklib-dicts-2.8.3-1.1.20060mlcs4.i586.rpm
8b751aa75911ff9b169812cce188e307 corporate/4.0/i586/libcrack2-2.8.3-1.1.20060mlcs4.i586.rpm
98e07f212a2b18fcc83407ee554262f7 corporate/4.0/i586/libcrack2-devel-2.8.3-1.1.20060mlcs4.i586.rpm
f19159f721379636f53c4266036310ec corporate/4.0/i586/libpam0-0.77-31.1.20060mlcs4.i586.rpm
37cf1f3f4e2765a1ca9a5869430c0a1d corporate/4.0/i586/libpam0-devel-0.77-31.1.20060mlcs4.i586.rpm
1e068b619020a011addb397f962a8a4d corporate/4.0/i586/libpwdb0-0.62-2.1.20060mlcs4.i586.rpm
3507f0ae0f11686a4607e15cc069edc2 corporate/4.0/i586/libpwdb0-devel-0.62-2.1.20060mlcs4.i586.rpm
f29b17d7aca88aa620866e19ef1b755f corporate/4.0/i586/libpwdb0-static-devel-0.62-2.1.20060mlcs4.i586.rpm
949a4fcfc69cd11c7c47de603a2100c1 corporate/4.0/i586/pam-0.77-31.1.20060mlcs4.i586.rpm
4364562c4a910a98c3d9ef678ea5be73 corporate/4.0/i586/pam-doc-0.77-31.1.20060mlcs4.i586.rpm
9ead568ec16bb8e44d4c1f7d2a365ede corporate/4.0/i586/pwdb-conf-0.62-2.1.20060mlcs4.i586.rpm
8613c335b195ec91515c7023ddca8251 corporate/4.0/SRPMS/cracklib-2.8.3-1.1.20060mlcs4.src.rpm
fa57a88a81dc3169ab8b68c1e75db1ac corporate/4.0/SRPMS/pam-0.77-31.1.20060mlcs4.src.rpm
56b00aefdde6512b79bc17d2a6004036 corporate/4.0/SRPMS/pwdb-0.62-2.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
5b809c44a34936ca88509749998ebcc2 corporate/4.0/x86_64/cracklib-dicts-2.8.3-1.1.20060mlcs4.x86_64.rpm
8345ad73abbef63e19fc6c10d721a216 corporate/4.0/x86_64/lib64crack2-2.8.3-1.1.20060mlcs4.x86_64.rpm
30f5aa853c8e0cc5a1e3da5e88da8862 corporate/4.0/x86_64/lib64crack2-devel-2.8.3-1.1.20060mlcs4.x86_64.rpm
1f8e87d48ca798327134a45650fddc28 corporate/4.0/x86_64/lib64pam0-0.77-31.1.20060mlcs4.x86_64.rpm
587942a0d0d8c45b100695ad6f02f734 corporate/4.0/x86_64/lib64pam0-devel-0.77-31.1.20060mlcs4.x86_64.rpm
549e1b91bda1bd15705f4a2c39a16cd1 corporate/4.0/x86_64/lib64pwdb0-0.62-2.1.20060mlcs4.x86_64.rpm
f2118437e903344719a3a17a133aaabd corporate/4.0/x86_64/lib64pwdb0-devel-0.62-2.1.20060mlcs4.x86_64.rpm
10fbc050e5ecab37e22eb0fad9d06040 corporate/4.0/x86_64/lib64pwdb0-static-devel-0.62-2.1.20060mlcs4.x86_64.rpm
6844a774f0011d019262871788fc3198 corporate/4.0/x86_64/pam-0.77-31.1.20060mlcs4.x86_64.rpm
f0a1d78b5d2d4009b91b8835a10896bf corporate/4.0/x86_64/pam-doc-0.77-31.1.20060mlcs4.x86_64.rpm
165f252bb3803896dbb144f43bbac8b2 corporate/4.0/x86_64/pwdb-conf-0.62-2.1.20060mlcs4.x86_64.rpm
8613c335b195ec91515c7023ddca8251 corporate/4.0/SRPMS/cracklib-2.8.3-1.1.20060mlcs4.src.rpm
fa57a88a81dc3169ab8b68c1e75db1ac corporate/4.0/SRPMS/pam-0.77-31.1.20060mlcs4.src.rpm
56b00aefdde6512b79bc17d2a6004036 corporate/4.0/SRPMS/pwdb-0.62-2.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
b22d14cb9f2fa4616f2588f7d234ee35 mnf/2.0/i586/libpam0-0.77-12.2.C30mdk.i586.rpm
e5d1a3942552398ce1ece9a0b43036fa mnf/2.0/i586/libpam0-devel-0.77-12.2.C30mdk.i586.rpm
d1ac0a9dff1944381e3699a1037e2936 mnf/2.0/i586/pam-0.77-12.2.C30mdk.i586.rpm
9ac370aa7b2ac02038a7849e8bf27942 mnf/2.0/i586/pam-doc-0.77-12.2.C30mdk.i586.rpm
44899571f6a74e53c97d3bf1f5ebd859 mnf/2.0/SRPMS/pam-0.77-12.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJxRFhmqjQ0CJFipgRAlJkAJ40e3eBCOtkxCmUZ1plFMlZEWk/lgCeKpCG
0nfvCvq+dhD8O8v0t1Yg1dc=
=HveO
-----END PGP SIGNATURE-----