dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Conectiva Linux Security Announcement - pam

Dec 14, 2000, 20:39 (0 Talkback[s])

Date: Wed, 13 Dec 2000 17:44:05 -0200
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [CLA-2000:358] Conectiva Linux Security Announcement - pam


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE   : pam
SUMMARY   : Buffer overflow in pam_localuser
DATE      : 2000-12-13 17:42:00
ID        : CLA-2000:358
RELEVANT
RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1, 6.0

DESCRIPTION
The pam_localuser module, part of the PAM package, has a buffer overflow vulnerability in it. This module is *not* used in any default configuration and to be vulnerable an user would have to insert it manually in a configuration file in the /etc/pam.d directory.

SOLUTION
All users of the pam_localuser module should upgrade.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/pam-0.72-23cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/pam-0.72-23cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/pam-0.72-23cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/pam-0.72-23cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/pam-0.72-23cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/pam-0.72-23cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/pam-0.72-23cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/pam-0.72-23cl.i386.rpm

ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades:
- add the following line to /etc/apt/sources.list if it is not there yet (you may also use linuxconf to do this):

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

 - run:                 apt-get update
 - after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato