drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in PAM (Aktualisierung)
Name: |
Überschreiben von Dateien in PAM (Aktualisierung) |
|
ID: |
USN-959-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.10 |
|
Datum: |
Mo, 25. Oktober 2010, 23:11 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832 |
|
Applikationen: |
Linux-PAM |
|
Update von: |
Überschreiben von Dateien in PAM |
|
Originalnachricht |
--===============4245658820831883779== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="V0207lvV8h4k8FAm" Content-Disposition: inline
--V0207lvV8h4k8FAm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-959-2 October 25, 2010 pam vulnerability CVE-2010-0832 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 10.10: libpam-modules 1.1.1-4ubuntu2
In general, a standard system update will make all the necessary changes.
Details follow:
USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10.
Original advisory details:
Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges.
Updated packages for Ubuntu 10.10:
Source archives:
pam_1.1.1-4ubuntu2.diff.gz Size/MD5: 256311 70ceb0ea3e0aea771cb0ee4d20159302 http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1-4ubuntu2.dsc Size/MD5: 1636 8b0a9a5576629cdc16a07fb6221555d1 http://security.ubuntu.com/ubuntu/pool/main/p/pam/pam_1.1.1.orig.tar.gz Size/MD5: 1799415 b4838d787dd9b046a4d6992e18b6ffac
Architecture independent packages:
libpam-doc_1.1.1-4ubuntu2_all.deb Size/MD5: 284250 ee51d0d5117e8005bd96d365160ab8fc libpam-runtime_1.1.1-4ubuntu2_all.deb Size/MD5: 85274 65b297ca5b321eef1b76c05b7e15da01
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
libpam-cracklib_1.1.1-4ubuntu2_amd64.deb Size/MD5: 56638 2058636a296f011ee82fb1085bcf98a0 libpam-modules_1.1.1-4ubuntu2_amd64.deb Size/MD5: 347314 d5f3e4cf08b35bf1c4772d0e17df9787 libpam0g-dev_1.1.1-4ubuntu2_amd64.deb Size/MD5: 158630 5b55c802a6e55ad7de7dca34853cadf5 libpam0g_1.1.1-4ubuntu2_amd64.deb Size/MD5: 94660 a3f147932dc1c9dc7c0fff522bc7f7cd
i386 architecture (x86 compatible Intel/AMD):
libpam-cracklib_1.1.1-4ubuntu2_i386.deb Size/MD5: 56300 6ebc733abee6253e70f7862b8c8deead libpam-modules_1.1.1-4ubuntu2_i386.deb Size/MD5: 323066 799c517fe7928f1afbf2b440c87e23c3 libpam0g-dev_1.1.1-4ubuntu2_i386.deb Size/MD5: 152140 5fef5190dfed92ca9c30e11723d7dd09 libpam0g_1.1.1-4ubuntu2_i386.deb Size/MD5: 91718 498d37554ea0e6327aa91c6a7fb7e2ca
powerpc architecture (Apple Macintosh G3/G4/G5):
libpam-cracklib_1.1.1-4ubuntu2_powerpc.deb Size/MD5: 56864 c4a0ce26fa71db14be87e8bd72a0b993 libpam-modules_1.1.1-4ubuntu2_powerpc.deb Size/MD5: 343926 d00027f03fa3506e2c7433da8bf60e3a libpam0g-dev_1.1.1-4ubuntu2_powerpc.deb Size/MD5: 157816 654f538026e76baea9b670d323eb9680 http://ports.ubuntu.com/pool/main/p/pam/libpam0g_1.1.1-4ubuntu2_powerpc.deb Size/MD5: 95076 7056a91e001172a2e143b138c7bf60d2
--V0207lvV8h4k8FAm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Kees Cook <kees@outflux.net>
iQIcBAEBCgAGBQJMxcfgAAoJEIly9N/cbcAmLc8QAJ40o0gxL+QSFXeOFDxZaY83 iW4MfBDFgdGPPzej8xZGxB4X74ujRaDEu4jr+alT+8H+t8hF/pyTJu0mZwd2ZVYg 1Jhwn3TsE03TWqtoHWsSvQnHXFTZWNxpOJwrWZn8yPzdRNblARbHnaMSa/veFTA7 ROzQJnn32fsDzWc29wJH/Lyf4X+hB2q/wH9l40xCZrUlkEbFiP0rCdTCnXETLTtn +5EmEAS5zMJWi8pv8HVRuMtXJOvM3e1WIZ8grQBntJdQeykdj1elgNNMhCgMr5bT DJOC+3g30ft4ohzZ6cM2IzFPKcFKk2z94UZrVt2Yxy2vwORSVZXChpR5Fq2hGH+u bmHgAeQ/PIjTGq+qPgDNionDdNL0x6R869NlnXdig83rC35eo09/xPxtKoiKSPGA Q2GfTZFvtjguvX9V0N6A/A8+DdEhes7srwuCMpGekMvQVqZrMZOf44laO9bX+WyP MEmD/vcYtRPVARHa6hAuCNyXcJbCkaL6DmGG+EsWGNwBEH/9alt+zG3qLL3GxJ6r T22v4fkUh/p6SefTrwdjb2jnmC4qm7U6At5xdNaGmhQ4/LQtxVLRpqytsBTrkmM2 cWVAKGhSV94mdUG3JdnXcBVOMf/7ckka3xLgALjZsb2IVcR/s+8DeT9+SZz2BjOI yRVVYJg2wzYWPEETtdpR =HpXI -----END PGP SIGNATURE-----
--V0207lvV8h4k8FAm--
--===============4245658820831883779== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4245658820831883779==--
|
|
|
|