commit: 6dad3beedac1a440cb24341d42abdfeafffde790 Author: Ulrich Müller <ulm <AT> gentoo <DOT> org> AuthorDate: Mon Aug 26 19:40:12 2013 +0000 Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org> CommitDate: Tue Aug 27 05:04:02 2013 +0000 URL: https://gitweb.gentoo.org/dev/ulm.git/commit/?id=6dad3bee
Erase cleartext passwords from memory, bug 482588. .../pam_skey/1.1.5/05_all_delete_response.patch | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/patchsets/pam_skey/1.1.5/05_all_delete_response.patch b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch new file mode 100644 index 0000000..1e45f25 --- /dev/null +++ b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch @@ -0,0 +1,21 @@ +https://bugs.gentoo.org/482588 +Erase cleartext passwords from memory (CVE-2013-4285). + +--- pam_skey-1.1.5/pam_skey.c ++++ pam_skey/pam_skey.c +@@ -129,6 +129,7 @@ + } + if (strcasecmp(response,"s/key")!=0) { + status = pam_set_item(pamh, PAM_AUTHTOK, response); ++ _pam_delete(response); + if (status != PAM_SUCCESS) + return status; + return PAM_IGNORE; +@@ -176,6 +177,7 @@ + } + + status = pam_set_item(pamh, PAM_AUTHTOK, response); ++ _pam_delete(response); + return PAM_IGNORE; + } +
