Package "libpam-cracklib"
Name: |
libpam-cracklib
|
Description: |
PAM module to enable cracklib support
|
Latest version: |
1.1.3-7ubuntu2.3 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
pam |
Homepage: |
http://pam.sourceforge.net/ |
Links
Download "libpam-cracklib"
Other versions of "libpam-cracklib" in Precise
Changelog
pam (1.1.3-7ubuntu2.3) precise-security; urgency=medium
* SECURITY REGRESSION: multiarch update issue (LP: #1558597)
- debian/patches-applied/cve-2015-3238.patch: Readd the manpage XML
changes and also add the regenerated man pages to the patch. It is
required to add the regenerated man pages to the patch because the build
dependencies to regenerate the man pages are only installed during i386
builds.
- debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Add
the changes after regenerating pam_umask.8 to the patch for the reasons
mentioned above.
-- Tyler Hicks <email address hidden> Thu, 17 Mar 2016 13:14:44 -0500
|
Source diff to previous version |
1558597 |
package libpam-modules 1.1.3-7ubuntu2.2 failed to install/upgrade: './usr/share/man/man8/pam_umask.8.gz' is different from the same file on the syste |
|
pam (1.1.3-7ubuntu2.2) precise-security; urgency=medium
* SECURITY REGRESSION: multiarch update issue (LP: #1558114)
- debian/patches-applied/cve-2015-3238.patch: removed manpage changes
so they don't get regenerated during build.
- CVE-2015-3238
-- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 13:32:15 -0400
|
Source diff to previous version |
1558114 |
package libpam-modules 1.1.8-3.1ubuntu3.1 failed to install/upgrade: trying to overwrite shared '/usr/share/man/man8/pam_unix.8.gz', which is differe |
CVE-2015-3238 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc |
|
pam (1.1.3-7ubuntu2.1) precise-security; urgency=medium
* SECURITY UPDATE: pam_userdb case-insensitive search issue
- debian/patches-applied/cve-2013-7041.patch: fix password hash
comparison in modules/pam_userdb/pam_userdb.c.
- CVE-2013-7041
* SECURITY UPDATE: directory traversal issue in pam_timestamp
- debian/patches-applied/cve-2014-2583.patch: fix potential directory
traversal issue in modules/pam_timestamp/pam_timestamp.c.
- CVE-2014-2583
* SECURITY UPDATE: username enumeration via large passwords
- debian/patches-applied/cve-2015-3238.patch: limit password size to
prevent a helper function hang in modules/pam_exec/pam_exec.8.xml,
modules/pam_exec/pam_exec.c, modules/pam_unix/pam_unix.8.xml,
modules/pam_unix/pam_unix_passwd.c, modules/pam_unix/passverify.c,
modules/pam_unix/passverify.h, modules/pam_unix/support.c.
- CVE-2015-3238
-- Marc Deslauriers <email address hidden> Tue, 15 Mar 2016 15:31:29 -0400
|
CVE-2013-7041 |
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password v |
CVE-2014-2583 |
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create |
CVE-2015-3238 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows loc |
|
About
-
Send Feedback to @ubuntu_updates