Bug#361663: openssh-server: accounts with empty password accessable after upgrade
Package: openssh-server
Version: 1:4.2p1-8
Severity: important
After replacing ssh with openssh-server, accounts with empty password
become accessable when libpam-modules is too old. This can be
corrected by upgrading to a newer libpam-modules.
To reproduce the problem, downgrade to libpam-modules 0.72-35
(oldstable). The problem does not occur with version 0.76-22 (stable)
or newer.
A fix would be to change Depends: libpam-modules (>= 0.72.9) to at
least (>= 0.76-22).
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686-smp
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15)
Versions of packages openssh-server depends on:
ii adduser 3.47 Add and remove users and groups
ii debconf [debc 1.4.67 Debian configuration management sy
ii dpkg 1.13.11.0.1 package maintenance system for Deb
ii libc6 2.3.5-13 GNU C Library: Shared libraries an
ii libcomerr2 1.34+1.35-WIP-2003.08.21-3 The Common Error Description libra
ii libkrb53 1.4.3-5 MIT Kerberos runtime libraries
ii libpam-module 0.79-3.1 Pluggable Authentication Modules f
ii libpam-runtim 0.79-3.1 Runtime support for the PAM librar
ii libpam0g 0.76-6 Pluggable Authentication Modules l
ii libselinux1 1.30-1 SELinux shared libraries
ii libssl0.9.8 0.9.8a-5 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-clien 1:4.2p1-8 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-9 compression library - runtime
openssh-server recommends no packages.
-- debconf-show failed
Reply to: