Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed (CVE-2010-3316).