Mandriva Linux Security Update Advisory - pam (MDVSA-2009:077)
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:077
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pam
Date    : March 21, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
          Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A security vulnerability has been identified and fixed in pam:

Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt (CVE-2009-0887).

The updated packages have been patched to prevent this.
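
An added illustration of this class of defect, not Linux-PAM's code and not Mandriva's patch: it assumes the signedness error takes the common form of a 256-entry lookup table indexed through a signed char, where bytes above 0x7F (the bytes of a non-ASCII username) yield a negative index, and shows the cast that keeps the index in range. All function names, the delimiter set and the sample user list are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Table index computed through a signed char (the defect class). Returned,
 * not dereferenced, so this demo never reads out of bounds. */
int idx_signed(const char *p) { return (int)(signed char)*p; }

/* Table index after the cast fix: always within 0..255. */
int idx_fixed(const char *p) { return (int)(unsigned char)*p; }

/* Hardened tokenizer step: skip delimiters, return the token start and store
 * its length; NULL when the input is exhausted. */
const char *next_token(const char *s, const char *delims, size_t *len)
{
    unsigned char is_delim[256] = {0};
    const char *start;

    for (; *delims; delims++)
        is_delim[(unsigned char)*delims] = 1;
    while (*s && is_delim[(unsigned char)*s])
        s++;
    if (!*s)
        return NULL;
    for (start = s; *s && !is_delim[(unsigned char)*s]; s++)
        ;
    *len = (size_t)(s - start);
    return start;
}

/* 1 only if `name` equals one whole token of `list`, byte for byte. */
int user_listed(const char *list, const char *delims, const char *name)
{
    size_t len, want = strlen(name);
    const char *tok = list;

    while ((tok = next_token(tok, delims, &len)) != NULL) {
        if (len == want && memcmp(tok, name, len) == 0)
            return 1;
        tok += len;
    }
    return 0;
}

int main(void)
{
    const char *list = "root jos\xc3\xa9 admin"; /* constructed sample */
    printf("signed=%d fixed=%d listed=%d\n", idx_signed("\xc3"),
           idx_fixed("\xc3"), user_listed(list, " ,", "jos\xc3\xa9"));
    return 0;
}
```

Building with -Wchar-subscripts (part of -Wall in GCC) flags array subscripts of type char, which is how this pattern is usually caught in review.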

Additionally some development packages were missing that are required
to build pam for CS4, these are also provided with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>