Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Sat, 06 Sep 2008 08:42:39 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
CC: Till Maas <opensource@...l.name>, fedora-security-list@...hat.com,
        coley@...re.org
Subject: CVE request: pam_mount: conf: re-add luserconf security checks

Till Maas wrote:
> On Fri September 5 2008, Till Maas wrote:
> 
>> pam_mount just released an update that fixes a security vulnerability:
>> https://sourceforge.net/project/shownotes.php?release_id=624240
> 
> Will someone create the needed tracking bugs[1] for this and maybe request / 
> assign a CVE number?

This email was posted in fedora-security-list@...

v0.47 (September 04 2008)
=========================
This release incorporates a security fix (item 3 on the list).
All administrators who have enabled <luserconf> in the configuration
file should upgrade. A workaround is to comment out <luserconf>.

- mount.crypt: add missing null command to conform to sh syntax
  (SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
[...]

https://sourceforge.net/project/shownotes.php?release_id=624240
http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux