You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libpam-radius-auth

Sigurnosni nedostatak programske biblioteke libpam-radius-auth

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4290-2
March 03, 2020

libpam-radius-auth vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

libpam-radius-auth could be made to crash if it received specially crafted
network traffic.

Software Description:
– libpam-radius-auth: The PAM RADIUS authentication module

Details:

USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that libpam-radius-auth incorrectly handled certain long
passwords. A remote attacker could possibly use this issue to cause
libpam-radius-auth to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libpam-radius-auth 1.3.17-0ubuntu4+esm1

Ubuntu 12.04 ESM:
libpam-radius-auth 1.3.17-0ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4290-2
https://usn.ubuntu.com/4290-1
CVE-2015-9542
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl5eUkwACgkQRbznW4QL
H2kBmRAAmPTqBo2p8VDB5AKi6/haoVRaV8qqZoy/QJnmtJna/Zl+Tlgl+15bXstH
jDp36jynN0wGkjpYLf3RkAYLa+pNY3xyvlLSvtHuoxHmN1ke77/U1GWXY1nEdh22
MRqjAaXeBA9po6srhz7a8herjhowTD8mA++DUupVhMjEiCtRavV1X1lPY6ppgxrK
jBblZOAR03gmpvet3/CFn+m5Jwe3ucZo+H+Ul9ehgwvL121AtCwY0q95BEzjMefC
VXlIVoq8zF0zYHHXdI2cfz7YqU9xcARc19QVXRwDroLe16MQ51WNlXNhiRLvvSdJ
1VScDZyKEFrlI3nA4exwJM7oZ0Cq/yxYtl53o8cKFlrb9V0rtaRjm33tgKUmll2E
0trjJtrnAWublFi74WmJqf9jRQ6Tu5UTv5c9qXWZEA86vKM3Rz2eTIiHHaFn6S1S
59VuxYVpzwg/Rx/X1dH6b9uofgV2AmgE68E2QpfNfK1cN5BYlne0/IniW0oyaBZm
aHIrjFFW4XkKYSqJWBpQ7Jr/OgM3IxX51ag1GP/W5GCds0u/oS7+mWEjOS/WXjJh
dY6FjJEW0PZmnGORsFLmPz4DYy+P1w0D8pck/VLTVRaVVoz9nCECXst3wGEkL17D
OpvlAHP7lHNJ43BIi6u25CcQisNMkZ6GubmGo90Q+3u50BjefEM=
=fWHs
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2020-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja ili izvršavanje proizvoljnog...

Close