Debian Long Term Support / LTS Security Information / 2019 / Security Information -- DLA-2000-1 pam-python

Debian Security Advisory

DLA-2000-1 pam-python -- LTS security update

Date Reported:

23 Nov 2019

Affected Packages:

pam-python

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 942514.
In Mitre's CVE dictionary: CVE-2019-16729.

More information:

It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root escalation in certain PAM setups.

For Debian 8 Jessie, this problem has been fixed in version 1.0.4-1.1+deb8u1.

We recommend that you upgrade your pam-python packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS