Fedora alert FEDORA-2008-7973 (pam_mount)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 8 Update: pam_mount-0.47-1.fc8
Date:  Thu, 11 Sep 2008 17:16:33 +0000
Message-ID:  <20080911171633.6D1522E03FC@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7973
2008-09-11 11:06:52
--------------------------------------------------------------------------------

Name        : pam_mount
Product     : Fedora 8
Version     : 0.47
Release     : 1.fc8
URL         : http://pam-mount.sourceforge.net/
Summary     : A PAM module that can mount volumes for a user session
Description :
This module is aimed at environments with central file servers that a user
wishes to mount on login and unmount on logout, such as (semi-)diskless
stations where many users can logon.

The module also supports mounting local filesystems of any kind the normal
mount utility supports, with extra code to make sure certain volumes are set
up properly because often they need more than just a mount call, such as
encrypted volumes. This includes SMB/CIFS, NCP, davfs2, FUSE, losetup crypto,
dm-crypt/cryptsetup and truecrypt.

If you intend to use pam_mount to protect volumes on your computer using an
encrypted filesystem system, please know that there are many other issues you
need to consider in order to protect your data. For example, you probably want
to disable or encrypt your swap partition. Don't assume a system is secure
without carefully considering potential threats.

--------------------------------------------------------------------------------
Update Information:

A security flaw in pam_mount's handling of user defined volumes using the
'luserconf' option has been fixed in this update. The vulnerability allowed
users to arbitrarily mount filesystems at arbitrary locations.

More details about this vulnerability can be found in the announcement message
sent to the pam-mount-user mailing list at SourceForge:
http://sourceforge.net/mailarchive/message.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr

The pam_mount facility now uses a configuration file written in XML. The
/etc/security/pam_mount.conf file will be converted to
/etc/security/pam_mount.conf.xml during update with
/usr/bin/convert_pam_mount_conf.pl, which removes all comments. Any per-user
configuration files must be converted manually, with the conversion script if
desired. A sample pam_mount.conf.xml file with detailed comments about the
available options appears at /usr/share/doc/pam_mount-*/pam_mount.conf.xml.

Note: This update also introduces a new version of libHX, which is required by
updated pam_mount.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  5 2008 Till Maas <opensource@till.name> - 0.47-1
- Update to new version that includes a security fix:
  https://sourceforge.net/project/shownotes.php?release_id=...
- Add lzma BR and unpack source manually
- Update libHX requirements
- add new binary
* Mon Jun 23 2008 Till Maas <opensource@till.name> - 0.41-2
- Add patch to fix <or> handling in config file, reference:
  Red Hat Bugzilla #448485 comment 9
  http://sourceforge.net/tracker/index.php?func=detail&...
  comment from 2008-06-19 10:29
* Tue Jun 17 2008 Till Maas <opensource till name> - 0.41-1
- Update to new version
* Wed Jun 11 2008 Till Maas <opensource till name> - 0.40-1
- Update to new version
- set make variable V for full compiler commandline
* Mon May  5 2008 Till Maas <opensource till name> - 0.35-1
- Update to new version
- Use $RPM_BUILD_ROOT instead of %{buildroot}
- Update description
- create and own %{_localstatedir}/run/pam_mount
* Sun Feb 24 2008 Till Maas <opensource till name> - 0.33-1
- update to new version
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.32-3
- Autorebuild for GCC 4.3
* Mon Jan  7 2008 Till Maas <opensource till name> - 0.32-2
- fix config conversion scriptlet
* Mon Jan  7 2008 Till Maas <opensource till name> - 0.32-1
- update to new version
- add default/example config to %doc
* Wed Dec  5 2007 Release Engineering <rel-eng at fedoraproject dot org> - 0.29-2
- Rebuild for deps
* Wed Oct 10 2007 Till Maas <opensource till name> - 0.29-1
- bump to new version
- remove unneeded patches
- add config file conversion script and convert config in %post

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #461464 - pam_mount: missing luserconf security checks
        https://bugzilla.redhat.com/show_bug.cgi?id=461464

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pam_mount' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys

--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds