Debian Security Advisory
DSA-3567-1 libpam-sshauth -- security update
- Date Reported:
- 04 May 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-4422.
- More information:
It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.
For the stable distribution (jessie), this problem has been fixed in version 0.3.1-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 0.4.1-2.
For the unstable distribution (sid), this problem has been fixed in version 0.4.1-2.
We recommend that you upgrade your libpam-sshauth packages.