Debian alert DLA-2116-1 (libpam-radius-auth)

From:
             
 
Utkarsh Gupta <utkarsh@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2116-1] libpam-radius-auth security update 
Date:
             
 
Sat, 22 Feb 2020 23:03:37 +0530
Message-ID:
             
 
<8c19c76d-404e-4fcb-521a-665ba3bf9372@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libpam-radius-auth
Version        : 1.3.16-4.4+deb8u1
CVE ID         : CVE-2015-9542
Debian Bug     : 951396


A vulnerability was found in pam_radius: the password length check was
done incorrectly in the add_password() function in pam_radius_auth.c,
resulting in a stack based buffer overflow.

This could be used to crash (DoS) an application using the PAM stack
for authentication.

For Debian 8 "Jessie", this problem has been fixed in version
1.3.16-4.4+deb8u1.

We recommend that you upgrade your libpam-radius-auth packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5RZeYACgkQgj6WdgbD
S5agfBAAgKX2EM+VZeipVk2GgqTNWC5vUo10kOm0co+zOvL6untIOC75pUA/Y8CP
XUGLJoy22JePmoPe2+YNo7mBaIL05D2MGv3e+mZXwNWJv68nphH26w8m0Ycn3bAI
oy+vVBXWJKndQvRCAYONEPvO70fYKw5MSz9TEwpLVdjW7cJmoNdI2z4leC+l3GU5
+vbsHn8aznr4MlXslwEZxjoGKKfJA8jwVYEu164j5NsbgHHsmjNBAv3PHejQIs3W
hTuby8d41/Iy2Al/rFzUhF7pCxahpXTtEgXhK2SwiY/3nxnonUHQDCXd1uar7JZ2
XSjvmESbx8eLcIEyftSN6Y1sAhCJeeojGwn9T/XVKHam5jesbtNzA5/4zkDdj2et
Wj9NLNSinnMkWmCDFxpS9xZEqIhXI8Cuajdz+Ij4t7u1nDbSWa5ZqFFCAFAUs9Jy
I8U/bxIxQdNIi3FSRZdsDV/pJwetfm6pa92WGqwqsTyzz2E8/A2y5rDzaci+j1il
Fb14xmaQuBZ9HlF2uXivduMpsPCjwMQTERnAIVoVuGVeZ2GzfxK5rSCp36WYORMt
oM8X27cs7bZPIciUmplvzO3XsljlDcTLJTRFr0JTm8e/TbYKEfpbzkkagtIF+Acy
PPVThrejb0xLX9C7i/BOzEhFf8aJwtyzNW2rlwuikjG/brJmuMw=
=ognX
-----END PGP SIGNATURE-----