Security update for pam (important)

2011-11-02T23:08:31
ID SUSE-SU-2011:1205-1
Type suse
Reporter Suse
Modified 2011-11-02T23:08:31

Description

The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed (CVE-2010-3316).