Bug#212463: pam security problem in OpenSSH again?
Package: ssh
Version: 1:3.4p1-1.woody.3
Serverity: grave
Looks like there's some serious security problem in the PAM implementation.
There's been a lot of changes in this area after 1.3.6, so it's not clear if
the version Debian is distributing are affected. Someone, either the
security team or the package maintainer, should have a look.
http://www.securityfocus.com/archive/121/338616
http://www.securityfocus.com/archive/121/338617
--
Brian Ristuccia
brian@ristuccia.com
bristucc@cs.uml.edu
Reply to: