SUSE: 2011:1205-2 Critical Security: PAM Buffer Overflow and DoS Issues

suse

November 2, 2011

An update that fixes three vulnerabilities is now available

Summary

Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/33984_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: Security update for pam
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1205-1
Rating:             important
References:         #631802 #703187 #724480 
Cross-References:   CVE-2010-3316 CVE-2011-3148 CVE-2011-3149
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   The pam_env module is vulnerable to a stack overflow
   (CVE-2011-3148) and a  DoS condition (CVE-2011-3149) when
   parsing users .pam_environment files.  Additionally a
   missing return value check inside pam_xauth has been fixed
   (CVE-2010-3316).

   Security Issue references:

   * CVE-2011-3148
   
   * CVE-2011-3149
   
   * CVE-2010-3316
   



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      pam-0.99.6.3-28.25.4
      pam-devel-0.99.6.3-28.25.4

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      pam-32bit-0.99.6.3-28.25.4
      pam-devel-32bit-0.99.6.3-28.25.4

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      pam-x86-0.99.6.3-28.25.4

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      pam-64bit-0.99.6.3-28.25.4
      pam-devel-64bit-0.99.6.3-28.25.4

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      pam-0.99.6.3-28.25.4
      pam-devel-0.99.6.3-28.25.4

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      pam-32bit-0.99.6.3-28.25.4


References:

   https://www.suse.com/security/cve/CVE-2010-3316.html
   https://www.suse.com/security/cve/CVE-2011-3148.html
   https://www.suse.com/security/cve/CVE-2011-3149.html

Topics Covered

security advisory security issue DoS important SUSE Linux stack overflow pam

References

Severity

important

Lowest

Low

Medium

High

Critical

Warning: Undefined array key "block1" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/33984_c1d2d4f425d79c8c327f2b8603847ec6 on line 11

Topics Covered

security advisory security issue DoS important SUSE Linux stack overflow pam

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2011:1205-2 Critical Security: PAM Buffer Overflow and DoS Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2011:1205-2 Critical Security: PAM Buffer Overflow and DoS Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!