pam-1.1.1-13.AXS4

エラータID: AXSA:2013-122:01

Release date: 
Wednesday, March 6, 2013 - 12:31
Subject: 
pam-1.1.1-13.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication.

Security issues fixed with this release:

• CVE-2011-3148
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

• CVE-2011-3149
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

Solution: 

Update packages.

CVEs: 
CVE-2011-3148
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
CVE-2011-3149
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Additional Info: 

N/A

Download: 

SRPMS
  1. pam-1.1.1-13.AXS4.src.rpm
    MD5: 10228f1cf6252950bda74ceecfcd880c
    SHA-256: 6f4a5a3753c72d37ee4f391dc5c1c4dffd2f512b2d8ff882aa605b0e005a79f6
    Size: 1.23 MB

Asianux Server 4 for x86
  1. pam-1.1.1-13.AXS4.i686.rpm
    MD5: ff30d19a456aa334a8510211db1fffbf
    SHA-256: d05bf8f535ba5cdc34f93105f441c9f5bd753b0705de3d2ab318a3ed207cb608
    Size: 658.03 kB
  2. pam-devel-1.1.1-13.AXS4.i686.rpm
    MD5: ae4a023ae938a237d1eb9e915bdbdaeb
    SHA-256: 1d080903e7860ef9bc21cf7440505143659b37d3a93cdee2e184d42c317e08df
    Size: 203.80 kB

Asianux Server 4 for x86_64
  1. pam-1.1.1-13.AXS4.x86_64.rpm
    MD5: 4552d242263e02c3c2344d74f4edcbbe
    SHA-256: c7e266931bfc3d33b9277c087ccd365b8a4f3419255e1d4f53cdc89394893c78
    Size: 657.12 kB
  2. pam-devel-1.1.1-13.AXS4.x86_64.rpm
    MD5: fd2c1a90707d409467ccb2659afd81bf
    SHA-256: b1db5b1e6979cfdaa537d82d2b70d1c84433503ef520a29a2eeb2ef88a91113c
    Size: 203.41 kB
  3. pam-1.1.1-13.AXS4.i686.rpm
    MD5: ff30d19a456aa334a8510211db1fffbf
    SHA-256: d05bf8f535ba5cdc34f93105f441c9f5bd753b0705de3d2ab318a3ed207cb608
    Size: 658.03 kB
  4. pam-devel-1.1.1-13.AXS4.i686.rpm
    MD5: ae4a023ae938a237d1eb9e915bdbdaeb
    SHA-256: 1d080903e7860ef9bc21cf7440505143659b37d3a93cdee2e184d42c317e08df
    Size: 203.80 kB