An update that fixes three vulnerabilities is now available.
The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed (CVE-2010-3316).
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch pam-5331
To bring your system up-to-date, use "zypper patch".