[ MDVSA-2009:077 ] pam
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:077
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pam
Date : March 21, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A security vulnerability has been identified and fixed in pam:
Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt (CVE-2009-0887).
The updated packages have been patched to prevent this.
Additionally, some development packages required to build pam for CS4
were missing; these are also provided with this update.
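The bug class named above, shown as an added illustration that is not the Linux-PAM source: a tokenizer that looks up each byte in a 256-entry delimiter table gets a negative index for bytes of 0x80 and above if the byte is treated as a signed char. The function names and the sample line are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern: a byte read as a signed char maps 0x80..0xFF to -128..-1,
 * which would address memory before the start of a table[256]. */
static int index_signed(char c) { return (int)(signed char)c; }

/* Hardened pattern: convert through unsigned char, result is always 0..255. */
static int index_unsigned(char c) { return (int)(unsigned char)c; }

/* Audit helper: how many bytes of s would index out of range when signed. */
static size_t count_out_of_range(const char *s)
{
    size_t n = 0;
    for (; *s; ++s)
        n += index_signed(*s) < 0;
    return n;
}

/* Hypothetical table-driven tokenizer using the hardened index: skips leading
 * delimiters, terminates the token in place, stores the resume point in *next. */
static char *tok_hardened(char *from, const char *delims, char **next)
{
    char table[256] = {0};
    char *start;

    *next = NULL;
    for (; *delims; ++delims)
        table[index_unsigned(*delims)] = 1;
    while (*from && table[index_unsigned(*from)])
        ++from;
    if (*from == '\0')
        return NULL;
    for (start = from; *from && !table[index_unsigned(*from)]; ++from)
        ;
    if (*from) {
        *from = '\0';
        *next = from + 1;
    }
    return start;
}

int main(void)
{
    char line[] = "  jos\xc3\xa9 admin";   /* constructed sample, UTF-8 name */
    char *next, *tok = tok_hardened(line, " \t", &next);
    printf("%s: %zu high-bit bytes, signed index %d\n", tok, count_out_of_range(tok), index_signed(tok[3]));
    return 0;
}
```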
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
2008.0/i586/libpam0-0.99.8.1-6.1mdv2008.0.i586.rpm
2008.0/i586/libpam-devel-0.99.8.1-6.1mdv2008.0.i586.rpm
2008.0/i586/pam-0.99.8.1-6.1mdv2008.0.i586.rpm
2008.0/i586/pam-doc-0.99.8.1-6.1mdv2008.0.i586.rpm
2008.0/SRPMS/pam-0.99.8.1-6.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
2008.0/x86_64/lib64pam0-0.99.8.1-6.1mdv2008.0.x86_64.rpm
2008.0/x86_64/lib64pam-devel-0.99.8.1-6.1mdv2008.0.x86_64.rpm
2008.0/x86_64/pam-0.99.8.1-6.1mdv2008.0.x86_64.rpm
2008.0/x86_64/pam-doc-0.99.8.1-6.1mdv2008.0.x86_64.rpm
2008.0/SRPMS/pam-0.99.8.1-6.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
2008.1/i586/libpam0-0.99.8.1-8.1mdv2008.1.i586.rpm
2008.1/i586/libpam-devel-0.99.8.1-8.1mdv2008.1.i586.rpm
2008.1/i586/pam-0.99.8.1-8.1mdv2008.1.i586.rpm
2008.1/i586/pam-doc-0.99.8.1-8.1mdv2008.1.i586.rpm
2008.1/SRPMS/pam-0.99.8.1-8.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
2008.1/x86_64/lib64pam0-0.99.8.1-8.1mdv2008.1.x86_64.rpm
2008.1/x86_64/lib64pam-devel-0.99.8.1-8.1mdv2008.1.x86_64.rpm
2008.1/x86_64/pam-0.99.8.1-8.1mdv2008.1.x86_64.rpm
2008.1/x86_64/pam-doc-0.99.8.1-8.1mdv2008.1.x86_64.rpm
2008.1/SRPMS/pam-0.99.8.1-8.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
2009.0/i586/libpam0-0.99.8.1-16.1mdv2009.0.i586.rpm
2009.0/i586/libpam-devel-0.99.8.1-16.1mdv2009.0.i586.rpm
2009.0/i586/pam-0.99.8.1-16.1mdv2009.0.i586.rpm
2009.0/i586/pam-doc-0.99.8.1-16.1mdv2009.0.i586.rpm
2009.0/SRPMS/pam-0.99.8.1-16.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2009.0/x86_64/lib64pam0-0.99.8.1-16.1mdv2009.0.x86_64.rpm
2009.0/x86_64/lib64pam-devel-0.99.8.1-16.1mdv2009.0.x86_64.rpm
2009.0/x86_64/pam-0.99.8.1-16.1mdv2009.0.x86_64.rpm
2009.0/x86_64/pam-doc-0.99.8.1-16.1mdv2009.0.x86_64.rpm
2009.0/SRPMS/pam-0.99.8.1-16.1mdv2009.0.src.rpm
Corporate 3.0:
corporate/3.0/i586/libpam0-0.77-12.2.C30mdk.i586.rpm
corporate/3.0/i586/libpam0-devel-0.77-12.2.C30mdk.i586.rpm
corporate/3.0/i586/pam-0.77-12.2.C30mdk.i586.rpm
corporate/3.0/i586/pam-doc-0.77-12.2.C30mdk.i586.rpm
corporate/3.0/SRPMS/pam-0.77-12.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
corporate/3.0/x86_64/lib64pam0-0.77-12.2.C30mdk.x86_64.rpm
corporate/3.0/x86_64/lib64pam0-devel-0.77-12.2.C30mdk.x86_64.rpm
corporate/3.0/x86_64/pam-0.77-12.2.C30mdk.x86_64.rpm
corporate/3.0/x86_64/pam-doc-0.77-12.2.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/pam-0.77-12.2.C30mdk.src.rpm
Corporate 4.0:
corporate/4.0/i586/cracklib-dicts-2.8.3-1.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libcrack2-2.8.3-1.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libcrack2-devel-2.8.3-1.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libpam0-0.77-31.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libpam0-devel-0.77-31.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libpwdb0-0.62-2.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libpwdb0-devel-0.62-2.1.20060mlcs4.i586.rpm
corporate/4.0/i586/libpwdb0-static-devel-0.62-2.1.20060mlcs4.i586.rpm
corporate/4.0/i586/pam-0.77-31.1.20060mlcs4.i586.rpm
corporate/4.0/i586/pam-doc-0.77-31.1.20060mlcs4.i586.rpm
corporate/4.0/i586/pwdb-conf-0.62-2.1.20060mlcs4.i586.rpm
corporate/4.0/SRPMS/cracklib-2.8.3-1.1.20060mlcs4.src.rpm
corporate/4.0/SRPMS/pam-0.77-31.1.20060mlcs4.src.rpm
corporate/4.0/SRPMS/pwdb-0.62-2.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
corporate/4.0/x86_64/cracklib-dicts-2.8.3-1.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64crack2-2.8.3-1.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64crack2-devel-2.8.3-1.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64pam0-0.77-31.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64pam0-devel-0.77-31.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64pwdb0-0.62-2.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64pwdb0-devel-0.62-2.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64pwdb0-static-devel-0.62-2.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/pam-0.77-31.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/pam-doc-0.77-31.1.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/pwdb-conf-0.62-2.1.20060mlcs4.x86_64.rpm
corporate/4.0/SRPMS/cracklib-2.8.3-1.1.20060mlcs4.src.rpm
corporate/4.0/SRPMS/pam-0.77-31.1.20060mlcs4.src.rpm
corporate/4.0/SRPMS/pwdb-0.62-2.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
mnf/2.0/i586/libpam0-0.77-12.2.C30mdk.i586.rpm
mnf/2.0/i586/libpam0-devel-0.77-12.2.C30mdk.i586.rpm
mnf/2.0/i586/pam-0.77-12.2.C30mdk.i586.rpm
mnf/2.0/i586/pam-doc-0.77-12.2.C30mdk.i586.rpm
mnf/2.0/SRPMS/pam-0.77-12.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJxRFhmqjQ0CJFipgRAlJkAJ40e3eBCOtkxCmUZ1plFMlZEWk/lgCeKpCG
0nfvCvq+dhD8O8v0t1Yg1dc=
=HveO
-----END PGP SIGNATURE-----