-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Jan 2009 15:42:10 -0800
Source: libpam-krb5
Binary: libpam-krb5
Architecture: source i386
Version: 3.11-4
Distribution: testing-security
Urgency: high
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 libpam-krb5 - PAM module for MIT Kerberos
Changes:
 libpam-krb5 (3.11-4) testing-security; urgency=high
 .
   * SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore user
     environment variables that specify the local keytab and Kerberos
     configuration.  Protects against a privilege escalation vulnerability.
   * SECURITY (CVE-2009-0361): Protect against applications calling
     pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid context.
     This API call is designed to reinitialize an existing Kerberos ticket
     cache and therefore trusts the KRB5CCNAME environment variable, but in
     a setuid context, this may allow overwriting arbitrary files.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmJIKQACgkQ+YXjQAr8dHaAtgCeLYu/9RT3I0hmzJqW7b4po4ve
JJkAmwQuY3Vv0Aj99MpAO5iGa+hERutZ
=6P11
-----END PGP SIGNATURE-----


Accepted:
libpam-krb5_3.11-4.diff.gz
  to pool/main/libp/libpam-krb5/libpam-krb5_3.11-4.diff.gz
libpam-krb5_3.11-4.dsc
  to pool/main/libp/libpam-krb5/libpam-krb5_3.11-4.dsc
libpam-krb5_3.11-4_i386.deb
  to pool/main/libp/libpam-krb5/libpam-krb5_3.11-4_i386.deb
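
Both changelog entries above come down to one rule: when the real and effective IDs differ, file locations taken from the environment are chosen by the invoking user and must not be trusted. The following C sketch of that rule is an added example, not code from libpam-krb5 or the Debian patch; the function names, the constructed sample environment, and the use of KRB5_CONFIG as the configuration variable are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective IDs, passed explicitly so both branches can be
 * exercised without installing a setuid binary. */
struct proc_ids { uid_t ruid, euid; gid_t rgid, egid; };

static struct proc_ids current_ids(void) {
    struct proc_ids p = { getuid(), geteuid(), getgid(), getegid() };
    return p;
}

/* Effective IDs that differ from the real IDs mean privilege was gained
 * at exec time, so the invoking user chose the environment. */
static int in_setuid_context(struct proc_ids p) {
    return p.ruid != p.euid || p.rgid != p.egid;
}

/* Look up NAME in a NULL-terminated "NAME=value" array (the layout of
 * environ). Returns NULL when unset or when the process is setuid. */
static const char *env_unless_setuid(char *const *env, const char *name,
                                     struct proc_ids p) {
    size_t n = strlen(name);
    if (in_setuid_context(p))
        return NULL;
    for (; env != NULL && *env != NULL; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    return NULL;
}

/* Hypothetical gate for a credential-reinitialization path: returns 1 and
 * sets *cache only when KRB5CCNAME is present and may be trusted. */
static int may_reinit_cache(char *const *env, struct proc_ids p,
                            const char **cache) {
    *cache = env_unless_setuid(env, "KRB5CCNAME", p);
    return *cache != NULL && **cache != '\0';
}

/* Constructed sample environment (not taken from the advisory). */
static char *sample_env[] = {
    "KRB5CCNAME=FILE:/tmp/krb5cc_1000", "KRB5_CONFIG=/tmp/krb5.conf", NULL
};

int main(void) {
    const char *cache;
    int ok = may_reinit_cache(sample_env, current_ids(), &cache);
    printf("reinit allowed: %d (%s)\n", ok, ok ? cache : "ignored");
    return 0;
}
```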