Package: libpam-mysql
Severity: important
Tags: security

Hello,

CVE-2005-4713 and CVE-2006-0056 indicate that there are two vulnerabilities in libpam-mysql. The first is a remote denial of service vulnerability in the SQL logging facility of libpam-mysql. The second is a "double-free" vulnerability.

These issues allow local *and* remote attackers to execute arbitrary machine code in the context of the affected module. Attackers may also crash applications that use the PAM module, denying service to legitimate users. Applications that execute the PAM module with superuser privileges will allow attackers to completely compromise affected computers.

According to http://www.securityfocus.com/bid/16564 the versions in oldstable (woody), stable (sarge) and testing/unstable are all vulnerable to this issue. The vendor has released versions 0.6.2 and 0.7pre3 of the affected package to address these issues. The official advisory is here: http://sourceforge.net/forum/forum.php?forum_id=499394

Please mention these CVE ids in any changelog addressing this issue.

Thanks,
Micah

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
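The report names a "double-free" as the second bug class but gives no detail of where it sits in libpam-mysql. The following is an added, generic illustration of that bug class and of the usual hardening (a single release helper that nulls the pointer), not libpam-mysql's code and not the actual defect behind CVE-2006-0056. The `struct log_ctx`, the `MAX_USER` limit and the `build_query_*` functions are all hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical logging context; not libpam-mysql's real data structure. */
struct log_ctx {
    char *query;
};

#define MAX_USER  32
#define QUERY_LEN 96

/*
 * Vulnerable shape: on the error path the builder frees ctx->query but
 * leaves the pointer dangling. Any later cleanup that does
 * free(ctx->query) on the same context frees the block a second time,
 * which is the double-free bug class named in the report.
 */
int build_query_bad(struct log_ctx *ctx, const char *user)
{
    ctx->query = malloc(QUERY_LEN);
    if (ctx->query == NULL)
        return -1;
    if (strlen(user) > MAX_USER) {
        free(ctx->query);          /* freed ...                            */
        return -1;                 /* ... but ctx->query still points at it */
    }
    snprintf(ctx->query, QUERY_LEN, "user=%s", user);
    return 0;
}

/* Returns 1 if the vulnerable builder left a dangling pointer after a
 * failed call. Deliberately does NOT free again, so it never double-frees. */
int bad_path_leaves_dangling(const char *user)
{
    struct log_ctx ctx = { NULL };
    int rc = build_query_bad(&ctx, user);
    if (rc == 0) {                 /* success path: clean up normally */
        free(ctx.query);
        return 0;
    }
    return ctx.query != NULL;      /* error path: pointer was not cleared */
}

/*
 * Hardened shape: one release helper owns the free and nulls the pointer,
 * so every path (error or normal) may call it any number of times;
 * free(NULL) is a defined no-op.
 */
void release_query(struct log_ctx *ctx)
{
    free(ctx->query);
    ctx->query = NULL;
}

int build_query_good(struct log_ctx *ctx, const char *user)
{
    ctx->query = malloc(QUERY_LEN);
    if (ctx->query == NULL)
        return -1;
    if (strlen(user) > MAX_USER) {
        release_query(ctx);        /* frees and leaves ctx->query == NULL */
        return -1;
    }
    snprintf(ctx->query, QUERY_LEN, "user=%s", user);
    return 0;
}

/* Returns 1 if the hardened builder left no dangling pointer and repeated
 * cleanup on the same context is harmless. */
int hardened_path_is_safe(const char *user)
{
    struct log_ctx ctx = { NULL };
    int rc = build_query_good(&ctx, user);
    int dangling = (rc != 0 && ctx.query != NULL);
    release_query(&ctx);           /* normal cleanup, runs on both paths   */
    release_query(&ctx);           /* a second call is still a no-op       */
    return !dangling && ctx.query == NULL;
}

int main(void)
{
    char too_long[MAX_USER + 8];   /* constructed over-long user name */
    memset(too_long, 'a', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("bad builder leaves dangling pointer on error: %d\n",
           bad_path_leaves_dangling(too_long));
    printf("hardened builder safe (short user):     %d\n",
           hardened_path_is_safe("alice"));
    printf("hardened builder safe (over-long user): %d\n",
           hardened_path_is_safe(too_long));
    return 0;
}
```

The point of the hardened form is that ownership of the buffer is expressed in one place: once `release_query()` is the only function that frees `ctx->query`, an error path and a normal cleanup path can both run without either needing to know whether the other already did.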