Summary: | sys-libs/pam: unix_chkpwd doesn't verify requesting user with SELinux (CAN-2005-2977) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Chris PeBenito (RETIRED) <pebenito> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | tigger | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B4? [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Chris PeBenito (RETIRED)
2005-10-16 10:03:44 UTC
Further information here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168180 *** Bug 109486 has been marked as a duplicate of this bug. *** Created attachment 71286 [details, diff]
pam-0.77-can-2005-2977.patch
This tests ok, so how to procede?
Oops, missed that bug because it wasn't assigned to security. This should be committed to Portage after release date. Security: please vote on GLSA need Public now. pam-0.78-r3 committed Committed directly with correct keywords, so ready for GLSA vote. I vote yes given the sensitive nature of SELinux. I vote YES too. GLSA 200510-22 |