[SECURITY] [DLA 2239-1] libpam-tacplus security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2239-1] libpam-tacplus security update
From: "Chris Lamb" <lamby@debian.org>
Date: Mon, 8 Jun 2020 11:01:58 -0400 (EDT)
Message-id: <[🔎] 20200608150158.BDC2F14200A2@mailuser.nyi.internal>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libpam-tacplus
Version        : 1.3.8-2+deb8u1
CVE ID         : CVE-2020-13881

It was discovered that there was an issue in libpam-tacplus (a
security module for using the TACACS+ authentication service) where
shared secrets such as private server keys were being added in
the clear to various logs.

For Debian 8 "Jessie", this issue has been fixed in libpam-tacplus version
1.3.8-2+deb8u1.

We recommend that you upgrade your libpam-tacplus packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl7eUqwACgkQHpU+J9Qx
HlgKJQ/+MAJiP2J3TiC6KsVFBdj9fiHvwoIBDqVchX0CKe/GHs2DJ7khHqNtUgEY
yNYTBwuiAr8YaU1xyLtyBhsZFOR7cywwS4dyc7RNCirssip9i9PAZrgzoXOfIUkz
8YuP++d/FzvCuKtQ9IXl75azQpripzzyYZ65pPfYBlOU4wF52jm5VGKpOS7JQtCK
ezKeV6Rb/y6gapTup5C7ji7B24/N4iu7R3my9OROAFcJMw5EUn8aoPMFDaJ0ykC2
sbga/sJImT7cHs16UsdK7jassMCjIVyXMLOIkOPPyvhN7Ayipx/YEsOwrm7t2A0q
78vqtlncvwlBhN4rTpsm9tOh1fK8c81Nk1qHOJ40FF0MzaiWXVutvoEKxyEjjY7A
Mt4ZN0KONuf38CRQNi4EkAE/3rxtTCb577p/HzAgSvKV5iKbAioAUZQww0rJvF0U
bAoeXUq32KxTgNCRtLKU6A7ttUY94KAzOLwtOxSmyNz+i1Wx22Z71OmB+BF8VEck
Z91PEAd0IL3XQBEEWV7RKYSryRveQL8ySyqWbUxN43FEJKvqDYQEu2+lTssMkd8B
yxqiFMWOUqRLYjyTNDv7odWxwzMi205sAsw4S5zZflKRiZCvaaTa2pF4shiAyi3V
9Mmi9M6iIwH0PuMVaGW2z8zHYdtQRMBEMtaYxtZQM30cYCE1nkg=
=KZU/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2238-1] libupnp security update
Next by Date: [SECURITY] [DLA 2240-1] bluez security update
Previous by thread: [SECURITY] [DLA 2238-1] libupnp security update
Next by thread: [SECURITY] [DLA 2240-1] bluez security update
Index(es):
- Date
- Thread