Pam-python could be made to crash or run programs as an administrator if certain environment variables are set.. =========================================================================Ubuntu Security Notice USN-4552-1 September 28, 2020 pam-python vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Pam-python could be made to crash or run programs as an administrator if certain environment variables are set. Software Description: - pam-python: Enables PAM modules to be written in Python Details: Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libpam-python 1.0.6-1.1+deb10u1build0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4552-1 CVE-2019-16729 Package Information: https://launchpad.net/ubuntu/+source/pam-python/1.0.6-1.1+deb10u1build0.18.04.1 -- ubuntu-security-announce mailing list
Get the latest Linux and open source security news straight to your inbox.