Summary: | <sys-auth/pam_skey-1.1.5-r5: pam_skey.so does not erase cleartext passwords from memory (CVE-2013-4285) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Ulrich Müller <ulm> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | minor | CC: | pam-bugs+disabled | ||||||
Priority: | Normal | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | B3 [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Ulrich Müller
2013-08-26 18:46:31 UTC
Created attachment 357114 [details, diff]
files/05_all_delete_response.patch
Attached patch should fix all such information leaks.
Created attachment 357116 [details]
pam_skey-1.1.5-r5.ebuild
CCing arches, can you test attached ebuild and patch on amd64 and x86 please? (In reply to Ulrich Müller from comment #3) > CCing arches, can you test attached ebuild and patch on amd64 and x86 please? It is fine here. Please commit as stable. CVE requested via the distros list. Arches, thanks. Waiting for CRD. pam_skey-1.1.5-r5 committed to CVS. Vulnerable versions removed. This issue is now public. This issue was resolved and addressed in GLSA 201402-12 at http://security.gentoo.org/glsa/glsa-201402-12.xml by GLSA coordinator Alex Legler (a3li). |