Stay Secure with the Latest Linux Advisories

security advisorydenial of servicegentoo

Gentoo: GLSA-201507-09 Normal: Arbitrary Code Execution in PyPAM

A double free vulnerability in PyPAM could result in execution of arbitrary code or Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PyPAM: Arbitrary code execution Date: July 09, 2015 Bugs: #407603 ID: 201507-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A double free vulnerability in PyPAM could result in execution of arbitrary code or Denial of Service. Background ========= PyPAM is a PAM binding for Python. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-python/pypam < 0.5.0-r3 > = 0.5.0-r3 Description ========== PyPAM does not handle passwords correctly if there is NULL byte in the string. Impact ===== A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All PyPAM users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-python/pypam-0.5.0-r3" References ========= [ 1 ] CVE-2012-1502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1502 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-09 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any securityconcerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The Gentoo GLSA 202308-15 addresses a critical buffer overflow vulnerability in LibXYZ that may allow attackers to execute arbitrary code or cause application crashes.. Gentoo PyPAM Advisory, Arbitrary Code Execution, Denial of Service, Security Patch. . LinuxSecurity.com Team

Jul 09, 2015 Gentoo