-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libpam4j Version : 1.4-2+deb7u1 CVE ID : CVE-2017-12197 Debian Bug : 879001
It was discovered that libpam4j, a Java binding for libpam.so, does not call pam_acct_mgmt(). As a consequence, the PAM account is not properly verified. Any user with a valid password but with deactivated or disabled account was able to log in. For Debian 7 "Wheezy", these problems have been fixed in version 1.4-2+deb7u1. We recommend that you upgrade your libpam4j packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloBxkFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRiZA//WS/AIpQORtFExrl2SLBOTd6933lcEZfFhEOAydJpJ9Xsq2ozcXeQbnmo d6J8dqjYcQGrMBLPz/0tsJnj5OJej8NCBzQ/ccDvwvevGP3n2ftVBOAq0W799KG2 k1NVxplYFfZ7bmp8/fvS77ODCdjyL+RsX6QTcjQCz0SAnMcfb7q9yk8l5SPJY4aI dfSeC/AfbHMngXmhPXoAxO17vViAvQ/Tjsy0qIM+TtthKsxHDsCokovjANPl6DiD F6EjtdlGuial1+8uD2qYFcAOw83Vc34dZ4jTtzAI2AcYBd/CGvvnsXkvpPQrrMQe s/Tayh9DfxBhs50ZjOZbt8/+bJ/9809RKmxIx+7bwSZmYPTE5cal9vGf9J5K8Ut+ PGNG90OVNUTXOZlkIiYc02zkFlJjH4dvgW2rZLyGdzslgBShrwrNBB3itLji9+Jg 52SVOUA3S/9J5rYMklyMM7ad4CbXYsVuCZJt0udJ9D8sGLCrWFikUbPs2GFS2t/G ySoDZe9ANaj24Qe3GKDcSOJAnRDr9dQ/Pt6RvPTnGmT+EAK/xc2o1ii2RHmByrsH I/5ukfGMxNK+pz8jz8ahNPk2OAZVzNMUCcQbxvoye9YdBVzBR5DYM097gv6Lyepi nwHuBwHZ2H5ab/g7l7bzid5I0ar1I8G29VviCuR8MnM3C5MgNNQ= =yn/R -----END PGP SIGNATURE-----
