[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1165-1] libpam4j security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libpam4j
Version        : 1.4-2+deb7u1
CVE ID         : CVE-2017-12197
Debian Bug     : 879001

It was discovered that libpam4j, a Java binding for libpam.so, does
not call pam_acct_mgmt(). As a consequence, the PAM account is not
properly
verified. Any user with a valid password but with deactivated or
disabled account was able to log in.

For Debian 7 "Wheezy", these problems have been fixed in version
1.4-2+deb7u1.

We recommend that you upgrade your libpam4j packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloBxkFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRiZA//WS/AIpQORtFExrl2SLBOTd6933lcEZfFhEOAydJpJ9Xsq2ozcXeQbnmo
d6J8dqjYcQGrMBLPz/0tsJnj5OJej8NCBzQ/ccDvwvevGP3n2ftVBOAq0W799KG2
k1NVxplYFfZ7bmp8/fvS77ODCdjyL+RsX6QTcjQCz0SAnMcfb7q9yk8l5SPJY4aI
dfSeC/AfbHMngXmhPXoAxO17vViAvQ/Tjsy0qIM+TtthKsxHDsCokovjANPl6DiD
F6EjtdlGuial1+8uD2qYFcAOw83Vc34dZ4jTtzAI2AcYBd/CGvvnsXkvpPQrrMQe
s/Tayh9DfxBhs50ZjOZbt8/+bJ/9809RKmxIx+7bwSZmYPTE5cal9vGf9J5K8Ut+
PGNG90OVNUTXOZlkIiYc02zkFlJjH4dvgW2rZLyGdzslgBShrwrNBB3itLji9+Jg
52SVOUA3S/9J5rYMklyMM7ad4CbXYsVuCZJt0udJ9D8sGLCrWFikUbPs2GFS2t/G
ySoDZe9ANaj24Qe3GKDcSOJAnRDr9dQ/Pt6RvPTnGmT+EAK/xc2o1ii2RHmByrsH
I/5ukfGMxNK+pz8jz8ahNPk2OAZVzNMUCcQbxvoye9YdBVzBR5DYM097gv6Lyepi
nwHuBwHZ2H5ab/g7l7bzid5I0ar1I8G29VviCuR8MnM3C5MgNNQ=
=yn/R
-----END PGP SIGNATURE-----


Reply to: