You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libpam-tacplus

Sigurnosni nedostatak programske biblioteke libpam-tacplus

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4521-1
September 21, 2020

libpam-tacplus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

pam_tacplus could be made to expose sensitive information.

Software Description:
– libpam-tacplus: PAM module for using TACACS+ as an authentication service

Details:

It was discovered that pam_tacplus did not properly manage shared
secrets if DEBUG loglevel and journald are used. A remote attacker could
use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libpam-tacplus 1.3.8-2+deb8u1build0.20.04.1

Ubuntu 18.04 LTS:
libpam-tacplus 1.3.8-2+deb8u1build0.18.04.1

Ubuntu 16.04 LTS:
libpam-tacplus 1.3.8-2+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4521-1
CVE-2020-13881

Package Information:

https://launchpad.net/ubuntu/+source/libpam-tacplus/1.3.8-2+deb8u1build0.20.04.1

https://launchpad.net/ubuntu/+source/libpam-tacplus/1.3.8-2+deb8u1build0.18.04.1

https://launchpad.net/ubuntu/+source/libpam-tacplus/1.3.8-2+deb8u1build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9ozDgACgkQW+PTAFZK
yRhaRw//WMRDUZYIkj4JsqPW7ZakLr6nhAdGE4f1Huh7LL2C77U5SyVzAVcQlIHn
eMgFyVWIul6ZyBp3K020nYc0SuAtd7GWKtmsbIL4OyyDRUV5tju8Kfs9gl8TcaXM
JtL7OTr/1pgfXkvtKQUFP7d208yaKzv1tl29mXF/ByX1m8aB3ztOhSS6NcV+4sat
cW5I5hWC3RmXs1/E7UhTG2ZE9dH6REMCU/nMooplYa5yW4JEobN55cgrrcJB/ciD
ubWzZnYf+HU4AY1eIkEZD0DwdwJdZPPk05WjCHRPa/k7C76dPDXgFgI1JD1/cDdz
sCJk0O1lTQnBd7mBv9uvJzSZdZFvI6+65pnT1ApGMUtorHOqHYU+BaDUC8Yu6vwU
QXDb8a0eoquxARJOq7IksXA6xzGksqv4lMla6f4SghTn+VfffzosTXbOqPDXmEQT
aKyXnmLBSVyTl0KnLWPoXabOGgqhjomCXz6wBcRnTuGQb2zXrCU1s/KwfdBEBPm8
v+/pbfKhO0n9OsPKsjINz82kO6ssL2hepEKXD2povd/qyif3uc9dOl60/9rqm3eB
IRAinUw+0143VjBJCWufknKoP2ZGzMAFiBjEuc1O2UbYqFNM4k6fzpalV7HX8thn
DmeAjADCkIDmkBjXGG9nleQ96BJh6zcvQ50dug3jRBS4ZfAShWY=
=veXM
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa virtualbox

Otkriven je veći broj sigurnosnih nedostataka u programskom paketu virtualbox za operacijski sustav openSUSE. Otkriveni nedostatci potencijalnim napadačima omogućuju narušavanje...

Close