Login
Newsletter
Werbung

Sicherheit: Denial of Service in libpam-radius-auth (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Denial of Service in libpam-radius-auth (Aktualisierung)
ID: USN-4290-2
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 ESM, Ubuntu 14.04 ESM
Datum: Di, 3. März 2020, 15:36
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9542
Applikationen: libpam-radius-auth
Update von: Denial of Service in libpam-radius-auth

Originalnachricht


--===============7311394573424668313==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="nFreZHaLTZJo0R7j"
Content-Disposition: inline


--nFreZHaLTZJo0R7j
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4290-2
March 03, 2020

libpam-radius-auth vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

libpam-radius-auth could be made to crash if it received specially crafted
network traffic.

Software Description:
- libpam-radius-auth: The PAM RADIUS authentication module

Details:

USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that libpam-radius-auth incorrectly handled certain long
passwords. A remote attacker could possibly use this issue to cause
libpam-radius-auth to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libpam-radius-auth 1.3.17-0ubuntu4+esm1

Ubuntu 12.04 ESM:
libpam-radius-auth 1.3.17-0ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4290-2
https://usn.ubuntu.com/4290-1
CVE-2015-9542

--nFreZHaLTZJo0R7j
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl5eUkwACgkQRbznW4QL
H2kBmRAAmPTqBo2p8VDB5AKi6/haoVRaV8qqZoy/QJnmtJna/Zl+Tlgl+15bXstH
jDp36jynN0wGkjpYLf3RkAYLa+pNY3xyvlLSvtHuoxHmN1ke77/U1GWXY1nEdh22
MRqjAaXeBA9po6srhz7a8herjhowTD8mA++DUupVhMjEiCtRavV1X1lPY6ppgxrK
jBblZOAR03gmpvet3/CFn+m5Jwe3ucZo+H+Ul9ehgwvL121AtCwY0q95BEzjMefC
VXlIVoq8zF0zYHHXdI2cfz7YqU9xcARc19QVXRwDroLe16MQ51WNlXNhiRLvvSdJ
1VScDZyKEFrlI3nA4exwJM7oZ0Cq/yxYtl53o8cKFlrb9V0rtaRjm33tgKUmll2E
0trjJtrnAWublFi74WmJqf9jRQ6Tu5UTv5c9qXWZEA86vKM3Rz2eTIiHHaFn6S1S
59VuxYVpzwg/Rx/X1dH6b9uofgV2AmgE68E2QpfNfK1cN5BYlne0/IniW0oyaBZm
aHIrjFFW4XkKYSqJWBpQ7Jr/OgM3IxX51ag1GP/W5GCds0u/oS7+mWEjOS/WXjJh
dY6FjJEW0PZmnGORsFLmPz4DYy+P1w0D8pck/VLTVRaVVoz9nCECXst3wGEkL17D
OpvlAHP7lHNJ43BIi6u25CcQisNMkZ6GubmGo90Q+3u50BjefEM=
=fWHs
-----END PGP SIGNATURE-----

--nFreZHaLTZJo0R7j--


--===============7311394573424668313==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung