Bug#1030119: release-notes: openssh-server: fills the log with "deprecated reading of user environment enabled"

To: "1030119@bugs.debian.org" <1030119@bugs.debian.org>
Subject: Bug#1030119: release-notes: openssh-server: fills the log with "deprecated reading of user environment enabled"
From: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>
Date: Sat, 18 May 2024 14:30:00 +0000
Message-id: <[🔎] 9HQuKxwuClCBzFBR9xh8ZFIuxR8SwDMBRS12bJ_CvRzd9TGeVsnTzOQ-BvD8JVTCzqM_GEW2EO_dIwfH7Uo7L1SgGMxC4bieF2MTxxggQQI=@protonmail.ch>
Reply-to: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>, 1030119@bugs.debian.org
References: <E1oSBJL-001CjL-2q@tucano.isti.cnr.it>

You wanted to "track down an actual reason for this change" ?

Try this:

CVE-2011-3148
CVE-2011-3149

As summarised by Redhat (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.4_technical_notes/pam):

If an application's PAM configuration contained user_readenv=1, a local attacker could use this flaw to cause the application to enter an infinite loop.

Reply to:

Prev by Date: dpb_0.0~git20240516+29fcc7464_source.changes ACCEPTED into unstable
Next by Date: Bug#1071506: release-notes: wireplumber NEWS mentions "no automatic conversion"
Previous by thread: dpb_0.0~git20240516+29fcc7464_source.changes ACCEPTED into unstable
Next by thread: Bug#1071506: release-notes: wireplumber NEWS mentions "no automatic conversion"
Index(es):
- Date
- Thread