[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 191-1] checkpw security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : checkpw
Version        : 1.02-1+deb6u1
CVE ID         : CVE-2015-0885

Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password
authentication program, has a flaw in processing account names which
contain double dashes. A remote attacker can use this flaw to cause a
denial of service (infinite loop).

Thanks to Markus Koschany who prepared the Debian package.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVJly6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHDn8P/0Scbem8+KsHbDN063rVZuyg
Dni4+wl4/8C4WQqasnc5EWXQTuEUHVXVLb76pFZB7y4clRZksZdgCzm/ykOIqqAj
GpVpT+ixXTIAy3U7yjfyEXp53QKmy8yIQAlhj9Txx2sG3vGgMeZfSr4zo/DBjc4H
M95l/x2u08o/1vjiyf3cQH+Zgz+gWPTDGvhXWU7x97d8PLftmtCIvpgq+iq+IvUA
ntVuXPdMPsKIytfiSzz4+zfXSbRRRHmw8FHCzbgkv4x08JWqGneKipO/LqG2hxaf
c1k1di06pvSk2PTvS8B4qCGLQloloSaSiQQ2gAHqcVzu0h7rocmKMUtd89bMdFfG
+1LMRyhOc4ejN5bOdVP4n1K48UUJZo2Iw1GCo85XMa4wzBVB/CtSE1n/XyhO+8JM
Y+cFiA0aAiblIRbL1xYkcTB1BqBy0NJrcnLjrPutiy6+GVi73lSik9WWrAI/z6Qi
irOiaYeY+hVH10FqmsorYv8Kf3qoPCLXAPt5ZH/kCJAUnv3ZFbZEelmrGe94Nxkf
mYnkz2P8kj9x1bMhTIA1Z21w8MmffvRuT/9tE8MR0pC00DqFOoYch5p1beKzKsXB
u9PO/+jWjnxr669vvbdWNybAVtszAE3VE5trKbEHuEafFAa6/4nBjnOPukRfWlN7
s+CgWmoJ/ZxaErjjnT1J
=/4vw
-----END PGP SIGNATURE-----


Reply to: