oss-sec mailing list archives

CVE request: pam_mount: conf: re-add luserconf security checks

From: Eugene Teo <eteo () redhat com>
Date: Sat, 06 Sep 2008 08:42:39 +0800

Till Maas wrote:

On Fri September 5 2008, Till Maas wrote:

pam_mount just released an update that fixes a security vulnerability:
https://sourceforge.net/project/shownotes.php?release_id=624240


Will someone create the needed tracking bugs[1] for this and maybe request / 
assign a CVE number?


This email was posted in fedora-security-list@rc.

v0.47 (September 04 2008)
=========================
This release incorporates a security fix (item 3 on the list).
All administrators who have enabled <luserconf> in the configuration
file should upgrade. A workaround is to comment out <luserconf>.

- mount.crypt: add missing null command to conform to sh syntax
  (SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
[...]

https://sourceforge.net/project/shownotes.php?release_id=624240
http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Current thread:

CVE request: pam_mount: conf: re-add luserconf security checks Eugene Teo (Sep 05)