Re: [SECURITY] [DSA 3567-1] libpam-sshauth security update
Unsubscribe
> On May 4, 2016, at 2:50 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3567-1 security@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> May 04, 2016 https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : libpam-sshauth
> CVE ID : CVE-2016-4422
>
> It was discovered that libpam-sshauth, a PAM module to authenticate
> using an SSH server, does not correctly handle system users. In certain
> configurations an attacker can take advantage of this flaw to gain root
> privileges.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 0.3.1-1+deb8u1.
>
> For the testing distribution (stretch), this problem has been fixed
> in version 0.4.1-2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.4.1-2.
>
> We recommend that you upgrade your libpam-sshauth packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJXKk9uAAoJEAVMuPMTQ89EjEEP/Re5Zlc+WLHuPuS27dD+a/av
> bwaiwd5d2hfS5mPZRhb/lSw6StsHfApjuG3CXi2ZUODLcWUNQPeNP6swcFmAN8Gy
> hIPbLmC127A9+ht7IqtZwMMBM3vvnKzF1+bPIgr2oep2dfE6PE2imC6wzkwSXmIG
> M3Hb2NCVGvJBgQTYZLkykC0BdGWGQ5dBAwcMZzVfBGvDcs1fhWhug/lx81HbNLQc
> +b58v68HyoU+HVMClsAxcsqmvZVXTm2eK95Y6iKzJfjFvuU1XtgWFfdR0LBo+zXV
> uYxFXVUXBKr8QMCZt6mk8UNNglj0Jm52NuRl3KiA3mo+SA0RVZNFmr3HSLFQa0XK
> y6v9jNCT7DAVe2A02F7nVj9tcjnplZ61rvt9lfHPcLQsWhM53mOEm5yucfJk9vp2
> uSujlP8WFwLVbR32zLSTEFHMFqnA20zDkYxdeinJKKeoEsn7XrTq3itNmnQoRDi9
> fswrbiVHVpc2TgSw42ek3YUPype4Ri5DkUFR47mPFUXoqeA2mNngKqUkrhIi7FC1
> VEBSNquQCX+Qn84QFqEMI958KSD6qDYcm5Exz6GXWIKlq8pAQfydO3hSWgjTcLBh
> RlsVF+1dkWvcLR41eDJ7/zTIWZbJU0t//h16gLsX42dRBFDMYDawu5QoW2VGwtew
> g9bjfhTxRzheV444GKXH
> =PBTm
> -----END PGP SIGNATURE-----
>
Reply to: