EUVD-2011-4957

Malware in sbrugna...

Fedora 27 : openssh (2017-96d1995b70)

This update provides new upstream release OpenSSH 7.6 with several bug fixes and new features, including CVE-2017-15906, compatibility with WinSCP, improvement for PAM stack, enablement for s390x sandbox, new GSSAPI key exchange methods and improvement of handling kerberos tickets. Note that...

CVE-2011-5054

kcheckpass passes a user-supplied argument to the pamstart function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122...

Design/Logic Flaw

kcheckpass passes a user-supplied argument to the pamstart function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122...

CVE-2011-5054

kcheckpass passes a user-supplied argument to the pamstart function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122...

Portable OpenSSH server PAM conversion stack corruption

Overview There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack. Description The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the...