Login
Newsletter
Werbung
Sicherheit: Überschreiben von Dateien in PAM (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Überschreiben von Dateien in PAM (Aktualisierung)
ID: USN-959-2
Distribution: Ubuntu
Plattformen: Ubuntu 10.10
Datum: Mo, 25. Oktober 2010, 23:11
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832
Applikationen: Linux-PAM
Update von: Überschreiben von Dateien in PAM

Originalnachricht

 

--===============4245658820831883779==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
 boundary="V0207lvV8h4k8FAm"
Content-Disposition: inline


--V0207lvV8h4k8FAm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-959-2           October 25, 2010
pam vulnerability
CVE-2010-0832
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libpam-modules                  1.1.1-4ubuntu2

In general, a standard system update will make all the necessary changes.

Details follow:

USN-959-1 fixed vulnerabilities in PAM. This update provides the
corresponding updates for Ubuntu 10.10.

Original advisory details:

 Denis Excoffier discovered that the PAM MOTD module in Ubuntu did
 not correctly handle path permissions when creating user file stamps.
 A local attacker could exploit this to gain root privilieges.


Updated packages for Ubuntu 10.10:

  Source archives:

    pam_1.1.1-4ubuntu2.diff.gz
      Size/MD5:   256311 70ceb0ea3e0aea771cb0ee4d20159302
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.dsc
      Size/MD5:     1636 8b0a9a5576629cdc16a07fb6221555d1
    http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz
      Size/MD5:  1799415 b4838d787dd9b046a4d6992e18b6ffac

  Architecture independent packages:

    libpam-doc_1.1.1-4ubuntu2_all.deb
      Size/MD5:   284250 ee51d0d5117e8005bd96d365160ab8fc
    libpam-runtime_1.1.1-4ubuntu2_all.deb
      Size/MD5:    85274 65b297ca5b321eef1b76c05b7e15da01

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    libpam-cracklib_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:    56638 2058636a296f011ee82fb1085bcf98a0
    libpam-modules_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:   347314 d5f3e4cf08b35bf1c4772d0e17df9787
    libpam0g-dev_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:   158630 5b55c802a6e55ad7de7dca34853cadf5
    libpam0g_1.1.1-4ubuntu2_amd64.deb
      Size/MD5:    94660 a3f147932dc1c9dc7c0fff522bc7f7cd

  i386 architecture (x86 compatible Intel/AMD):

    libpam-cracklib_1.1.1-4ubuntu2_i386.deb
      Size/MD5:    56300 6ebc733abee6253e70f7862b8c8deead
    libpam-modules_1.1.1-4ubuntu2_i386.deb
      Size/MD5:   323066 799c517fe7928f1afbf2b440c87e23c3
    libpam0g-dev_1.1.1-4ubuntu2_i386.deb
      Size/MD5:   152140 5fef5190dfed92ca9c30e11723d7dd09
    libpam0g_1.1.1-4ubuntu2_i386.deb
      Size/MD5:    91718 498d37554ea0e6327aa91c6a7fb7e2ca

  powerpc architecture (Apple Macintosh G3/G4/G5):

    libpam-cracklib_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:    56864 c4a0ce26fa71db14be87e8bd72a0b993
    libpam-modules_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:   343926 d00027f03fa3506e2c7433da8bf60e3a
    libpam0g-dev_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:   157816 654f538026e76baea9b670d323eb9680
    http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_powerpc.deb
      Size/MD5:    95076 7056a91e001172a2e143b138c7bf60d2


--V0207lvV8h4k8FAm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net>

iQIcBAEBCgAGBQJMxcfgAAoJEIly9N/cbcAmLc8QAJ40o0gxL+QSFXeOFDxZaY83
iW4MfBDFgdGPPzej8xZGxB4X74ujRaDEu4jr+alT+8H+t8hF/pyTJu0mZwd2ZVYg
1Jhwn3TsE03TWqtoHWsSvQnHXFTZWNxpOJwrWZn8yPzdRNblARbHnaMSa/veFTA7
ROzQJnn32fsDzWc29wJH/Lyf4X+hB2q/wH9l40xCZrUlkEbFiP0rCdTCnXETLTtn
+5EmEAS5zMJWi8pv8HVRuMtXJOvM3e1WIZ8grQBntJdQeykdj1elgNNMhCgMr5bT
DJOC+3g30ft4ohzZ6cM2IzFPKcFKk2z94UZrVt2Yxy2vwORSVZXChpR5Fq2hGH+u
bmHgAeQ/PIjTGq+qPgDNionDdNL0x6R869NlnXdig83rC35eo09/xPxtKoiKSPGA
Q2GfTZFvtjguvX9V0N6A/A8+DdEhes7srwuCMpGekMvQVqZrMZOf44laO9bX+WyP
MEmD/vcYtRPVARHa6hAuCNyXcJbCkaL6DmGG+EsWGNwBEH/9alt+zG3qLL3GxJ6r
T22v4fkUh/p6SefTrwdjb2jnmC4qm7U6At5xdNaGmhQ4/LQtxVLRpqytsBTrkmM2
cWVAKGhSV94mdUG3JdnXcBVOMf/7ckka3xLgALjZsb2IVcR/s+8DeT9+SZz2BjOI
yRVVYJg2wzYWPEETtdpR
=HpXI
-----END PGP SIGNATURE-----

--V0207lvV8h4k8FAm--


--===============4245658820831883779==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4245658820831883779==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung