Hello community,
here is the log from the commit of package pam for openSUSE:11.4
checked in at Tue Oct 25 17:04:04 CEST 2011.
--------
--- old-versions/11.4/all/pam/pam.changes 2011-02-23 13:46:27.000000000 +0100
+++ 11.4/pam/pam.changes 2011-10-25 14:30:23.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Oct 24 10:55:45 CEST 2011 - mc@suse.de
+
+- fix possible overflow and DOS in pam_env (bnc#724480)
+ CVE-2011-3148, CVE-2011-3149
+
+-------------------------------------------------------------------
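Review bot: the entry `+- fix possible overflow and DOS in pam_env (bnc#724480)` lists CVE-2011-3148 and CVE-2011-3149 on one continuation line without saying which identifier is the overflow and which is the denial of service. Suggest one bullet per issue, each naming its CVE and the patch file that carries the fix (bug-724480_pam_env-fix-overflow.patch, bug-724480_pam_env-fix-dos.patch), so that an auditor reading only the changelog can confirm both are covered. "DOS" should also be spelled "DoS".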
Package does not exist at destination yet. Using Fallback old-versions/11.4/all/pam
Destination is old-versions/11.4/UPDATES/all/pam
calling whatdependson for 11.4-i586
New:
----
bug-724480_pam_env-fix-dos.patch
bug-724480_pam_env-fix-overflow.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.sNcW1d/_old 2011-10-25 17:00:38.000000000 +0200
+++ /var/tmp/diff_new_pack.sNcW1d/_new 2011-10-25 17:00:38.000000000 +0200
@@ -38,7 +38,7 @@
%endif
#
Version: 1.1.3
-Release: 4.<RELEASE2>
+Release: 4.<RELEASE9>
Summary: A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2
Source1: Linux-PAM-%{version}-docs.tar.bz2
@@ -53,6 +53,8 @@
Patch0: pam_tally-deprecated.diff
# fix for bnc#673826 (pam_listfile logging)
Patch1: pam_listfile-quiet.patch
+Patch2: bug-724480_pam_env-fix-overflow.patch
+Patch3: bug-724480_pam_env-fix-dos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
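Review bot: the new `Patch2:` and `Patch3:` lines carry no comment, while `Patch1:` directly above is preceded by `# fix for bnc#673826 (pam_listfile logging)`. Add a comment line over each new patch naming bnc#724480 and the CVE it addresses, so the spec file itself records why each patch is carried and it can be dropped cleanly when upstream ships the fix.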
@@ -103,6 +105,8 @@
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%build
CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \
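Review bot: `%patch2 -p1` and `%patch3 -p1` apply two patches that, going by their file names, both change pam_env, so their relative order may matter. If the DoS fix depends on the overflow fix being applied first, say so in a comment above these two lines so that a later reordering or removal of one patch does not silently break the other.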
++++++ bug-724480_pam_env-fix-dos.patch ++++++
Description: abort when encountering an overflowed environment variable
expansion (CVE-2011-3149).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
Author: Kees Cook