Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c15d5486 by Salvatore Bonaccorso at 2018-11-25T13:08:23Z Add CVE-2018-17953/pam The issue has been introduced by the SUSE applied patch pam-hostnames-in-access_conf.patch to support hostnames in access.conf introducing the issue as described in CVE-2018-17953[1] as demostrated by an access.conf containing ::1. Fixed in SUSE via a follow-up patch. [1] https://bugzilla.novell.com/show_bug.cgi?id=1115640 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4256,8 +4256,14 @@ CVE-2018-17955 RESERVED CVE-2018-17954 RESERVED -CVE-2018-17953 - RESERVED +CVE-2018-17953 [pam: pam_access.so doesn't properly handle ip addresses and subnets filtering] + RESERVED + - pam <not-affected> (Issue introduced by SUSE specific patch) + NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115640 + NOTE: Issue introduced by SUSE specific patch (pam-hostnames-in-access_conf.patch) + NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch + NOTE: And fixed with (use-correct-IP-address.patch) + NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch CVE-2018-17952 RESERVED CVE-2018-17951 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c15d5486e635b2487c81101dbfd71a0a122cf961 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c15d5486e635b2487c81101dbfd71a0a122cf961 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
