Ubuntu 15.10 LTS USN-2935-2 Critical: PAM Regression Security Issue
Mar 16, 2016
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
USN-2935-1 introduced a regression in PAM.
=========================================================================Ubuntu Security Notice USN-2935-2 March 16, 2016 pam regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-2935-1 introduced a regression in PAM. Software Description: - pam: Pluggable Authentication Modules Details: USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583) Sebastien Macke discovered that the PAM pam_unix module incorrectly handled large passwords. A local attacker could possibly use this issue in certain environments to enumerate usernames or cause a denial of service. (CVE-2015-3238) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libpam-modules 1.1.8-3.1ubuntu3.2 Ubuntu 14.04 LTS: libpam-modules 1.1.8-1ubuntu2.2 Ubuntu 12.04 LTS: libpam-modules 1.1.3-7ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2935-2 https://ubuntu.com/security/notices/USN-2935-1 https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1558114 Package Information: https://launchpad.net/ubuntu/+source/pam/1.1.8-3.1ubuntu3.2 https://launchpad.net/ubuntu/+source/pam/1.1.8-1ubuntu2.2 https://launchpad.net/ubuntu/+source/pam/1.1.3-7ubuntu2.2
PREVIOUS
NEXT
Ubuntu 15.10 LTS USN-2935-2 Critical: PAM Regression Security Issue
ubuntu
March 16, 2016
USN-2935-1 introduced a regression in PAM.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libpam-modules 1.1.8-3.1ubuntu3.2 Ubuntu 14.04 LTS: libpam-modules 1.1.8-1ubuntu2.2 Ubuntu 12.04 LTS: libpam-modules 1.1.3-7ubuntu2.2 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2935-2
https://ubuntu.com/security/notices/USN-2935-1
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1558114
Severity
critical
Lowest
Low
Medium
High
Critical
March 16, 2016
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/pam/1.1.8-3.1ubuntu3.2 https://launchpad.net/ubuntu/+source/pam/1.1.8-1ubuntu2.2 https://launchpad.net/ubuntu/+source/pam/1.1.3-7ubuntu2.2
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!