Re: [SECURITY] [DSA 3567-1] libpam-sshauth security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 3567-1] libpam-sshauth security update
From: Jason Fisher <jfisher@hiallc.com>
Date: Thu, 5 May 2016 22:57:17 +0000
Message-id: <[🔎] 9487A322-C184-41AC-A885-31BE7F160A28@hiallc.com>
In-reply-to: <E1ay2m1-0006dt-Hz@master.debian.org>
References: <E1ay2m1-0006dt-Hz@master.debian.org>

Unsubscribe


> On May 4, 2016, at 2:50 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3567-1                   security@debian.org
> https://www.debian.org/security/                     Salvatore Bonaccorso
> May 04, 2016                          https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : libpam-sshauth
> CVE ID         : CVE-2016-4422
> 
> It was discovered that libpam-sshauth, a PAM module to authenticate
> using an SSH server, does not correctly handle system users. In certain
> configurations an attacker can take advantage of this flaw to gain root
> privileges.
> 
> For the stable distribution (jessie), this problem has been fixed in
> version 0.3.1-1+deb8u1.
> 
> For the testing distribution (stretch), this problem has been fixed
> in version 0.4.1-2.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 0.4.1-2.
> 
> We recommend that you upgrade your libpam-sshauth packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBCgAGBQJXKk9uAAoJEAVMuPMTQ89EjEEP/Re5Zlc+WLHuPuS27dD+a/av
> bwaiwd5d2hfS5mPZRhb/lSw6StsHfApjuG3CXi2ZUODLcWUNQPeNP6swcFmAN8Gy
> hIPbLmC127A9+ht7IqtZwMMBM3vvnKzF1+bPIgr2oep2dfE6PE2imC6wzkwSXmIG
> M3Hb2NCVGvJBgQTYZLkykC0BdGWGQ5dBAwcMZzVfBGvDcs1fhWhug/lx81HbNLQc
> +b58v68HyoU+HVMClsAxcsqmvZVXTm2eK95Y6iKzJfjFvuU1XtgWFfdR0LBo+zXV
> uYxFXVUXBKr8QMCZt6mk8UNNglj0Jm52NuRl3KiA3mo+SA0RVZNFmr3HSLFQa0XK
> y6v9jNCT7DAVe2A02F7nVj9tcjnplZ61rvt9lfHPcLQsWhM53mOEm5yucfJk9vp2
> uSujlP8WFwLVbR32zLSTEFHMFqnA20zDkYxdeinJKKeoEsn7XrTq3itNmnQoRDi9
> fswrbiVHVpc2TgSw42ek3YUPype4Ri5DkUFR47mPFUXoqeA2mNngKqUkrhIi7FC1
> VEBSNquQCX+Qn84QFqEMI958KSD6qDYcm5Exz6GXWIKlq8pAQfydO3hSWgjTcLBh
> RlsVF+1dkWvcLR41eDJ7/zTIWZbJU0t//h16gLsX42dRBFDMYDawu5QoW2VGwtew
> g9bjfhTxRzheV444GKXH
> =PBTm
> -----END PGP SIGNATURE-----
>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3567-1] libpam-sshauth security update
  - From: Vladislav Kurz <vladislav.kurz@webstep.net>

Prev by Date: Re: ownCloud security support, citadel
Next by Date: Re: [SECURITY] [DSA 3567-1] libpam-sshauth security update
Previous by thread: Re: [TSG-SYS: 191475] [SECURITY] [DSA 3567-1] libpam-sshauth security update
Next by thread: Re: [SECURITY] [DSA 3567-1] libpam-sshauth security update
Index(es):
- Date
- Thread