1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3567-1] libpam-sshauth security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed May 4 21:50:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3567-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    May 04, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libpam-sshauth
    CVE ID : CVE-2016-4422

    It was discovered that libpam-sshauth, a PAM module to authenticate
    using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.

    For the stable distribution (jessie), this problem has been fixed in
    version 0.3.1-1+deb8u1.

    For the testing distribution (stretch), this problem has been fixed
    in version 0.4.1-2.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.4.1-2.

    We recommend that you upgrade your libpam-sshauth packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJXKk9uAAoJEAVMuPMTQ89EjEEP/Re5Zlc+WLHuPuS27dD+a/av bwaiwd5d2hfS5mPZRhb/lSw6StsHfApjuG3CXi2ZUODLcWUNQPeNP6swcFmAN8Gy hIPbLmC127A9+ht7IqtZwMMBM3vvnKzF1+bPIgr2oep2dfE6PE2imC6wzkwSXmIG M3Hb2NCVGvJBgQTYZLkykC0BdGWGQ5dBAwcMZzVfBGvDcs1fhWhug/lx81HbNLQc +b58v68HyoU+HVMClsAxcsqmvZVXTm2eK95Y6iKzJfjFvuU1XtgWFfdR0LBo+zXV uYxFXVUXBKr8QMCZt6mk8UNNglj0Jm52NuRl3KiA3mo+SA0RVZNFmr3HSLFQa0XK y6v9jNCT7DAVe2A02F7nVj9tcjnplZ61rvt9lfHPcLQsWhM53mOEm5yucfJk9vp2 uSujlP8WFwLVbR32zLSTEFHMFqnA20zDkYxdeinJKKeoEsn7XrTq3itNmnQoRDi9 fswrbiVHVpc2TgSw42ek3YUPype4Ri5DkUFR47mPFUXoqeA2mNngKqUkrhIi7FC1 VEBSNquQCX+Qn84QFqEMI958KSD6qDYcm5Exz6GXWIKlq8pAQfydO3hSWgjTcLBh RlsVF+1dkWvcLR41eDJ7/zTIWZbJU0t//h16gLsX42dRBFDMYDawu5QoW2VGwtew g9bjfhTxRzheV444GKXH
    =PBTm
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From adiyaman@1:229/2 to All on Thu May 5 09:00:01 2016
    XPost: linux.debian.security
    From: [email protected]

    Bu modülü kullan mıyoruz.

    aşağıdaki debian 8 sunucular kontrol edildi;

    Ugur

    adalia
    angora
    ankyra
    ankyra2
    ankyram
    balina-yeni
    bargilya
    colossa
    daskileon
    didim
    dng01
    doron
    goknar
    imprx02
    kale
    korikos
    koryan
    magellan
    martin
    milet
    misya
    neocean
    pervari
    sestos
    tesla
    testos
    tisna


    05/04/2016 10:47 PM tarihinde Salvatore Bonaccorso yazdı:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3567-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    May 04, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libpam-sshauth
    CVE ID : CVE-2016-4422

    It was discovered that libpam-sshauth, a PAM module to authenticate
    using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.

    For the stable distribution (jessie), this problem has been fixed in
    version 0.3.1-1+deb8u1.

    For the testing distribution (stretch), this problem has been fixed
    in version 0.4.1-2.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.4.1-2.

    We recommend that you upgrade your libpam-sshauth packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJXKk9uAAoJEAVMuPMTQ89EjEEP/Re5Zlc+WLHuPuS27dD+a/av bwaiwd5d2hfS5mPZRhb/lSw6StsHfApjuG3CXi2ZUODLcWUNQPeNP6swcFmAN8Gy hIPbLmC127A9+ht7IqtZwMMBM3vvnKzF1+bPIgr2oep2dfE6PE2imC6wzkwSXmIG M3Hb2NCVGvJBgQTYZLkykC0BdGWGQ5dBAwcMZzVfBGvDcs1fhWhug/lx81HbNLQc +b58v68HyoU+HVMClsAxcsqmvZVXTm2eK95Y6iKzJfjFvuU1XtgWFfdR0LBo+zXV uYxFXVUXBKr8QMCZt6mk8UNNglj0Jm52NuRl3KiA3mo+SA0RVZNFmr3HSLFQa0XK y6v9jNCT7DAVe2A02F7nVj9tcjnplZ61rvt9lfHPcLQsWhM53mOEm5yucfJk9vp2 uSujlP8WFwLVbR32zLSTEFHMFqnA20zDkYxdeinJKKeoEsn7XrTq3itNmnQoRDi9 fswrbiVHVpc2TgSw42ek3YUPype4Ri5DkUFR47mPFUXoqeA2mNngKqUkrhIi7FC1 VEBSNquQCX+Qn84QFqEMI958KSD6qDYcm5Exz6GXWIKlq8pAQfydO3hSWgjTcLBh RlsVF+1dkWvcLR41eDJ7/zTIWZbJU0t//h16gLsX42dRBFDMYDawu5QoW2VGwtew g9bjfhTxRzheV444GKXH
    =PBTm
    -----END PGP SIGNATURE-----

    _______________________________________________
    TSG-SYS mailing list
    [email protected]
    https://mailman.metu.edu.tr/mailman/listinfo/tsg-sys

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)