Debian Security Advisory
DLA-2000-1 pam-python -- LTS security update
- Date Reported:
- 23 Nov 2019
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 942514.
In Mitre's CVE dictionary: CVE-2019-16729.
- More information:
It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root escalation in certain PAM setups.
For Debian 8
Jessie, this problem has been fixed in version 1.0.4-1.1+deb8u1.
We recommend that you upgrade your pam-python packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS