pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)

2011-11-03T00:08:35
ID OPENSUSE-SU-2011:1208-1
Type suse
Reporter Suse
Modified 2011-11-03T00:08:35

Description

The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed (CVE-2010-3316).