SUSE-SU-2020:1117-1

Published: 27 Apr 2020
Source: suse-cvrf

Description

Security update for pam_radius

This update for pam_radius fixes the following issues:

  • CVE-2015-9542: Fixed a buffer overflow in the password field (bsc#1163933).
  • On s390x, passwords were not decrypted correctly (bsc#1141670).

Package list

HPE Helion OpenStack 8
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Enterprise Storage 5
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP1-LTSS
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP2-BCL
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP2-LTSS
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP3-BCL
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP3-LTSS
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP4
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server 12 SP5
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE OpenStack Cloud 7
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE OpenStack Cloud 8
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1
SUSE OpenStack Cloud Crowbar 8
pam_radius-1.3.16-239.4.1
pam_radius-32bit-1.3.16-239.4.1

Description

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.


Affected products
HPE Helion OpenStack 8:pam_radius-1.3.16-239.4.1
HPE Helion OpenStack 8:pam_radius-32bit-1.3.16-239.4.1
SUSE Enterprise Storage 5:pam_radius-1.3.16-239.4.1
SUSE Enterprise Storage 5:pam_radius-32bit-1.3.16-239.4.1
