pam: fixing stack overflow (CVE-2011-3148) and DoS (CVE-2011-3149) (important)

2011-11-0222:08:18

lists.opensuse.org

0.0004 Low

EPSS

Percentile

5.7%

JSON

The pam_env module is vulnerable to a stack overflow
(CVE-2011-3148) and a DoS condition (CVE-2011-3149) when
parsing users .pam_environment files.

OSVersionArchitecturePackageVersionFilename
openSUSE11.4x86_64pam-devel< 1.1.3-4.9.1pam-devel-1.1.3-4.9.1.x86_64.rpm
openSUSE11.4x86_64pam< 1.1.3-4.9.1pam-1.1.3-4.9.1.x86_64.rpm
openSUSE11.4x86_64pam-32bit< 1.1.3-4.9.1pam-32bit-1.1.3-4.9.1.x86_64.rpm
openSUSE11.4i586pam< 1.1.3-4.9.1pam-1.1.3-4.9.1.i586.rpm
openSUSE11.4i586pam-devel< 1.1.3-4.9.1pam-devel-1.1.3-4.9.1.i586.rpm
openSUSE11.4x86_64pam-devel-32bit< 1.1.3-4.9.1pam-devel-32bit-1.1.3-4.9.1.x86_64.rpm
openSUSE11.4i586pam-doc< 1.1.3-4.9.1pam-doc-1.1.3-4.9.1.i586.rpm
openSUSE11.4x86_64pam-doc< 1.1.3-4.9.1pam-doc-1.1.3-4.9.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	11.4	x86_64	pam-devel	< 1.1.3-4.9.1	pam-devel-1.1.3-4.9.1.x86_64.rpm
openSUSE	11.4	x86_64	pam	< 1.1.3-4.9.1	pam-1.1.3-4.9.1.x86_64.rpm
openSUSE	11.4	x86_64	pam-32bit	< 1.1.3-4.9.1	pam-32bit-1.1.3-4.9.1.x86_64.rpm
openSUSE	11.4	i586	pam	< 1.1.3-4.9.1	pam-1.1.3-4.9.1.i586.rpm
openSUSE	11.4	i586	pam-devel	< 1.1.3-4.9.1	pam-devel-1.1.3-4.9.1.i586.rpm
openSUSE	11.4	x86_64	pam-devel-32bit	< 1.1.3-4.9.1	pam-devel-32bit-1.1.3-4.9.1.x86_64.rpm
openSUSE	11.4	i586	pam-doc	< 1.1.3-4.9.1	pam-doc-1.1.3-4.9.1.i586.rpm
openSUSE	11.4	x86_64	pam-doc	< 1.1.3-4.9.1	pam-doc-1.1.3-4.9.1.x86_64.rpm