Security: Execution of code with elevated privileges in pam-python
Name: Execution of code with elevated privileges in pam-python
ID: DSA-4555-1
Distribution: Debian
Platforms: Debian stretch, Debian buster
Date: Wed, 30 October 2019, 07:24
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16729
Applications: pam-python
Original message
-------------------------------------------------------------------------
Debian Security Advisory DSA-4555-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 29, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : pam-python
CVE ID : CVE-2019-16729
Malte Kraus discovered that libpam-python, a PAM module allowing PAM modules to be written in Python, didn't sanitise environment variables which could result in local privilege escalation if used with a setuid binary.
For the oldstable distribution (stretch), this problem has been fixed in version 1.0.6-1.1+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 1.0.6-1.1+deb10u1.
We recommend that you upgrade your pam-python packages.
For the detailed security status of pam-python please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pam-python
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
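The following is an added example, not part of the Debian advisory or the pam-python project: a POSIX shell audit that compares the installed libpam-python version with the fixed versions named in the advisory and lists PAM service files that actively load pam_python. The function names, the codename argument and the /etc/pam.d default path are assumptions of this example.

```shell
#!/bin/sh
# Added example: host audit for DSA-4555-1 (CVE-2019-16729).
# Fixed versions come from the advisory; function names are hypothetical.

# Print the fixed libpam-python version for a Debian codename.
fixed_version() {
    case "$1" in
        stretch) echo "1.0.6-1.1+deb9u1" ;;
        buster)  echo "1.0.6-1.1+deb10u1" ;;
        *)       return 1 ;;   # release not covered by this advisory
    esac
}

# Return 0 if version $1 is fixed on codename $2, 1 if older, 2 if unknown.
check_version() {
    fixed=$(fixed_version "$2") || return 2
    dpkg --compare-versions "$1" ge "$fixed"
}

# List files in PAM dir $1 with a non-comment line loading pam_python.
pam_python_users() {
    grep -lE '^[[:space:]]*[^#[:space:]].*pam_python' "${1:-/etc/pam.d}"/* 2>/dev/null
}

audit() {   # $1 = codename (stretch or buster)
    installed=$(dpkg-query -W -f='${Version}' libpam-python 2>/dev/null) || installed=""
    if [ -z "$installed" ]; then
        echo "libpam-python is not installed"
        return 0
    fi
    rc=0
    check_version "$installed" "$1" || rc=$?
    case "$rc" in
        0) echo "libpam-python $installed: fixed" ;;
        1) echo "libpam-python $installed: upgrade to $(fixed_version "$1")" ;;
        2) echo "libpam-python $installed: '$1' is not covered by DSA-4555-1" ;;
        *) echo "libpam-python $installed: version comparison failed" ;;
    esac
    echo "PAM service files that load pam_python:"
    pam_python_users /etc/pam.d || echo "  (none)"
}

# Run the audit only when a codename is given, e.g.: sh audit.sh buster
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

A host with the package installed but no active pam_python line in its PAM configuration does not load the module, though upgrading is still what the advisory recommends.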